NCSAM Takeaways & Tips for SMBs

National Cybersecurity Awareness Month in the U.S. and CyberSecMonth in Europe are coming to a close, but that doesn’t mean it’s time to sit back and relax. Cybercrime is a year-round threat that requires year-round vigilance and proactive security measures.

To close out the month, let’s recap the top takeaways from the Ponemon Institute’s 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses report, sponsored by Keeper Security.

  • Cyberattacks are on the rise globally and becoming more targeted and sophisticated; 66% of respondents reported being attacked in the last 12 months.
  • The U.S. is leading the world in cyberattacks; 76% of U.S. SMBs were attacked in the last 12 months, compared with only 55% in 2016.
  • Cyberattacks are evading technical security defenses; 69% of SMBs worldwide experienced cyberattacks that got past their intrusion detection systems, and 82% were targeted by attacks that their anti-virus solutions didn’t catch.
  • Cybercriminals are favoring social engineering schemes that rely on deception. Over the last 12 months, the most common cyberattack types globally included phishing (57%), compromised or stolen devices (33%), and credential theft (30%).
  • Cyberattacks frequently involve the theft of sensitive data; 63% of businesses in the U.S. and Western Europe reported the loss of sensitive customer or employee data.
  • SMBs are ill-prepared to defend themselves. Nearly half (45%) of respondents to the Ponemon survey described their IT security posture as ineffective, and one-third have no incident response plan.
  • SMBs aren’t securing their employees’ passwords. Only 45% of respondents reported that their organization had a password security policy — and out of those, only 32% strictly enforced it and required the use of a password manager.

Potential solutions

Technical defenses such as firewalls, anti-virus software, and intrusion detection systems are important, but they’re useless against phishing and other social engineering schemes, which is why cybercriminals are favoring these techniques. It is crucial that companies educate their employees on cybersecurity awareness and best practices, such as how to identify phishing schemes.

However, employee education isn’t enough. Robust password security would prevent most data breaches. Every business needs to:

  • Require strong, unique passwords for every account
  • Prohibit sharing of passwords
  • Require 2FA
  • Require the use of a password manager

Learn more during our upcoming live webinars

We hope you can join Keeper and the Ponemon Institute for one of our live webinars as we discuss the findings of the Ponemon 2019 Global State of Cybersecurity in SMBs study and what SMBs can and should be doing to protect themselves from cyberthreats.

  • U.S. webinar: Wednesday, October 30, 1:00 p.m. ET
  • U.K. and Europe webinar: Thursday, 31 October, 2:30 p.m. GMT