Webinar Recap: What Small Businesses Get Wrong About Cybersecurity
BlackCloak founder and CEO Dr. Chris Pierson recently participated in a webinar on what small businesses get wrong about cybersecurity and how to avoid common mistakes. ContraForce, a cybersecurity readiness management tool for small businesses, sponsored the webinar. Adam Gladsden, head of cybersecurity solutions at Swiss Re, a global provider of reinsurance and other insurance-based risk transfer protections, also participated.
The purpose of the webinar was to help small businesses better leverage security to ensure business success. According to Verizon’s 2022 Data Breach Investigations Report, 61% of small businesses experienced a cyberattack in the previous year. In total, 43% of small businesses have been a data breach target, according to CNBC.
Addressing common misconceptions about small business cybersecurity
The webinar began with extensive dialogue on the most common cybersecurity misconceptions among small businesses. The panelists cited seven misconceptions among SMBs that negatively impact their quest for cyber resilience.
- Compliance equals security
- Robust cybersecurity is too expensive
- Their business doesn’t generate enough revenue to be targeted
- Layered security approach isn’t needed
- Reputation damage isn’t a cyber risk
- Preventing risk transfer is not as important as risk mitigation
- Incident response is unnecessary
While misconceptions are evolving, some are proving harder to break than others. In the panel’s opinion, the number one misconception is that compliance equals security. For example, the panelists referenced the fact that many small businesses are striving for SOC 2 completion. But in doing so, they mistakenly believe that they are reducing risk simply through their compliance.
How small businesses can prepare for a cyberattack
According to Chris Pierson, small businesses must “practice like they play.” That is, every organization regardless of size should run a couple of realistic attack scenarios and evaluate how people, process and technology respond. Every organization must also understand where their devices are located, where data resides, and what type of data is most valuable to their business.
As for who owns cybersecurity in small businesses, the panelists debated the role of the SysAdmin, CTO, CEO, CIO, and CISO in organizational security. The consensus was that smaller environments are more conducive to SysAdmins and CTOs running the ship, while CEOs and CISOs focus on empowerment, leading with empathy, and planning for disaster recovery.
To conclude, the panelists provided tips on how small businesses can start their cybersecurity journey. Basic defense-in-depth measures, such as patch management, personal and corporate endpoint security, access control and security awareness training, are the priority. Dr. Pierson also reaffirmed the need to protect personal digital lives via digital executive protection in response to the expanding attack surface.