Small businesses and cyber risks

• Fortinet Regional Vice President, India and SAARC Rajesh Maurya shares his expertise to help SMB businesses mitigate cyber risks as they fight advance attacks, limited budgets and lack of skilled person in their digital transformation journey

Q: How is digital transformation creating more opportunities with SMBs?

Digital transformation is occurring across all industries as organisations adapt to meet changing consumer demands and the need for a more mobile workforce. While this trend is largely associated with enterprises, it has actually been just as pervasive at small and medium-sized businesses (SMBs). In fact, a recent study commissioned by Fortinet and conducted by Techaisle found that 35% of SMBs say they are more reliant on technology today than in the past three years.

SMB customers are increasing their daily use of technology in order to innovate, increase speed to market, remain competitive, and more. Technology use allows these customers to expand their business reach and capabilities into new regions where budget or staffing restrictions may not have previously allowed. As a result, technology has become critical across all lines of business – not just IT. Software now facilitates sales and marketing initiatives, communication, and productivity. In particular, SMB customers are investing in the cloud and cloud-based applications due to their scalability, lower upfront infrastructure costs, and support of a mobile workforce and customer base.

 Q: What are the cyber risks an SMB is exposed to?

Investments in technology and digital transformation of business brings many benefits to SMBs, but they are not without risk. Adding solutions to the stack increases the attack surface at a time when cyberattacks are becoming faster, more sophisticated, and persistent. For SMB customers, a cyberattack is a high-stakes situation, as reports show that 60% of small businesses close within six months of a breach.

As organisations add technical capabilities, they have to be aware of—and take steps to mitigate—threats such as ransomware, DDoS attacks, malware, phishing, insider threats, and more. SMB leaders are aware of these risks, and are taking steps to invest further in security and minimise their susceptibility to cyberattacks, with 25% of small businesses and 62% of mid-market businesses noting intentions to increase their security budgets. The challenge is, SMBs must identify the most effective solutions to invest their limited budgets to get the maximum business benefits.

Q: Why do cybercriminals target SMBs?

SMB customers’ concerns regarding cyberattacks are warranted, especially as Verizon’s 2018 Data Breach Investigations Report found that 58% of all breaches in the past year occurred at small businesses – exceeding those at large corporations. Cybercriminals have zeroed on these organisations as a focus area for three key reasons.

1. They have data. It’s easy for smaller organisations to think they will not be targeted with a cyberattack because of their size, especially considering most breaches in headlines are at large corporations. However, this is not the case. Many of your SMB customers store data that is just as valuable to cybercriminals as that of larger companies – be it payment information, healthcare records, or other personally identifiable information. Having this information makes SMBs viable targets for attack. Furthermore, because this data is so critical to operations, smaller businesses are more likely to pay a ransom to get this information back in the event of a ransomware attack.

2. They have less protection and resources. Not only do these organisations have much of the same valuable information as larger companies, but they typically have fewer security controls in place, or might be relying on legacy systems that are no longer supported with regular updates, or that cannot share threat intelligence in order to identify and respond to threats at the digital speeds today’s attacks require. Part of the reason is that SMBs do not have the same level of resources and expertise to devote to securing their network as enterprises. While larger enterprises can hire full teams to support cybersecurity initiatives, SMBs simply lack the budget. This makes it easier for cybercriminals to bypass more basic controls to gain access to their networks.

3. They have less training. Finally, these organisations often do not have the same level of training or awareness of cyber risks. For example, only 40% of SMBs have formal protocols in place in the event of a breach and 42% are unsure which security measures they should have in place for cloud use. While larger enterprises may have security professionals who can provide this insight, the cybersecurity skills gap has priced many smaller companies out of this possibility.

Q: How can Fortinet reduce security complexity for SMB customers?

 For organisations that do not have devoted IT and security teams, the process of evaluating the components of their distributed network, determining where security risks exist, prioritising those risks, and then selecting and deploying the appropriate tools to mitigate those risks is daunting. Without a proper understanding of where their network is weakest, it is likely that these SMB organisations will end up deploying a patchwork of isolated point solutions. While deploying security tools across each potential entryway has the right intention, the lack of integration can actually reduce visibility and leave gaps in security.

Fortinet can assist by offering cyber threat assessments that eliminate this daunting responsibility from SMB IT teams. Cyber threat assessments monitor network activity to determine where vulnerabilities exist, as well as which applications are running within the network and what resources they utilise. It also notes bandwidth, session, and performance requirements at peak hours. With this information in hand, we are able to provide customers with a tailored plan for selecting essential security tools and processes that won’t disrupt performance and then deploying them precisely where the network and data are most vulnerable and valuable.

Q: What are the sweet spots for Fortinet in the Sri Lankan SMB market?

The SMB market is actively seeking to increase its level of cybersecurity, and needs a knowledgeable, reliable partner to help them evaluate their security requirements and determine which controls they need to invest in to maximise the value of the limited budget they have to spend.

Fortinet offers a variety of security solutions that are specifically designed for SMBs and their main concerns of losing consumer data, losing consumer trust, suffering reputational damage, and being out of compliance with regulatory standards due to a successful cyberattack—and with the best price/performance and functionality value in the market.

Fortinet’s Unified Threat Management solutions provides security across an organisation’s entire network while simplifying management through deep functional integration and single pane of glass visibility. Fortinet also offers cloud management and reporting, secure switches, and access points that have all been designed with functionality, interoperability, and security in mind. Having a centralised view of network activity removes strain from limited personnel, while the integration of powerful yet cost-effective switches, wireless access points, and endpoint security controls stretch across the entire network, enabling them to work together as a single security fabric to detect and mitigate even the most sophisticated threats.

Fortinet offers complete, end-to-end network protection to organisations of all sizes. Fortinet partners are trained to determine a business’s security needs based on the answers to a few simple questions, such as the number of employees in the organisation, how many devices each employee connects the network, and what sorts of applications and cloud services they are running.

Fortinet can assist these organisations in finding the right level of security for their individual needs to keep them from suffering a data breach, while harnessing the benefits of new technologies to grow their digital business.