In early 2019, Ponemon Institute presented the results of the second annual study on the 2017 State of Cybersecurity in Small and MediumSized Businesses sponsored by Keeper Security. The study revealed that Cyber-attacks affected more SMBs in the past year, an increase from 55 % to 61 % of respondents.
Additionally, Simon West, Cyber Risk Advisor at Axis Capital argues that SMBs are in denial that they could be a victim of a cyber-attack.
He highlights that no vessel should be allowed to sail if it does not require the features that make it cyber seaworthy, explaining that a vessel can be cyber seaworthy by following the steps below:
- Least Privilege – a given user should only be able to access the information and resources they require for legitimate reasons to carry out their duties.
- Segmentation – network segmentation enables the containment of malware and other potential threats and can boost the efficiency in terms of network performance.
- Patching – usually a patch is installed into an existing software program to mitigate exposure to vulnerabilities.
- Encryption – use of algorithm to transform information to ‘unreadable mode’ for users that are unauthorized.
- Multi Factor Authentication – Multi factor authentication (MFA) is a security mechanism in which individuals are authenticated through more than one required security and validation procedure.
- Backups – It is advised to keep backups on various media types with one stored offline and offsite, while the restoration process should be tested to avoid difficulty during a real incident.
- Education and Awareness