How SMBs can Leverage Zero Trust to Deter Cyberattacks

Did you know that SMBs are more likely than enterprises to experience cyberattacks? That’s the case according to a recent study that shows small and medium-sized businesses are three times more likely to be targeted by cyber attackers than larger companies.

This was concluded after researchers at cloud security company Barracuda Networks investigated millions of emails across thousands of companies. It was discovered that small businesses with less than 100 employees received 350% more phishing emails than larger enterprises.

These emails mostly targeted CEOs and CFOs as they are seen to hold more value than normal employees. By taking over the account of a CEO, cybercriminals have a better chance of gathering important information to facilitate further attacks within the organisation.

Executive assistants are also high-value targets since they mostly hold access to executive accounts and are often used by company executives to pass messages to other employees.

The study further revealed that in 2021, one in five organisations had at least one account compromised.

So, why are SMBs more vulnerable and how can Zero Trust help prevent costly cyberattacks?

Why SMBs?

When you think about it, then it all makes sense. SMBs allocate very little resources to their cybersecurity. It’s highly unlikely that they have an IT department and if it exists it probably consists of one person or MSP.

Moreover, most SMBs rely on a single security solution that is supposed to take care of all cyber-security threats. Unfortunately, to successfully deal with modern-day attacks you need a combination of many tools including AI-powered solutions that not only prevent threats but can also deal with a threat that has already infiltrated your network

“Hackers no longer rely solely on ‘traditional’ threats such as spam or malware, therefore traditional email filtering technology is no longer sufficient to prevent modern-day attacks. It needs to be supplemented with machine learning security to protect against all email threat types,” notes the vice president of Barracuda Networks, Mike Flouton.

Employees in most small businesses also lack proper employee education on cybersecurity matters and thus they can’t recognize and deal with phishing emails.

And unlike in large enterprises where high-value employees especially those in the C-Suite are often shielded from unsolicited emails, the upper hierarchy in SMBs is very visible to the public and their business emails are distributed freely.

Lastly, the increased popularity of remote work means an increase in small businesses' endpoints, most of which are poorly protected. Consequently, cybercriminals now have more avenues to target. As reported by Blackberry, there has been a 600% increase in cybercrimes since the pandemic hit.

The solution

For SMBs looking to tighten their cybersecurity with limited resources, Zero trust stands as a great solution. By implementing zero trust in user authentication, then it means a password is no longer enough to allow users access to an account.

Passwords are easily the weakest link in any organisation’s security because of how easy they are to crack. Even with a strong password policy in place, there is the issue of user error to deal with. Like employees being phished through malicious sites disguised as legitimate sites.

There is also the issue of data breaches where login credentials are stolen and exposed to the public.

With Zero trust there will be multiple validation points, barriers, and strict controls that all users, even verified ones, need to pass through before they are allowed access.

And even with all these controls, a user will need to provide further proof that they have permission to access the information they need.