Why SMB’s Need a Cybersecurity Plan

Does Your SMB Have a Cybersecutiy Plan?

It’s 2022, and gone are the days of IT directors and technologists within your small- to mid-sized business (SMB) worrying primarily about simple viruses, trojans or spyware. Cyber attacks have increased in number, sophistication, and in complexity, and the pandemic has left companies more vulnerable than ever as they adapt to new operational models.

Cybersecurity may seem overwhelmingly complex, but a basic understanding of risks and vulnerabilities can help you stave off an attack no matter your size.

Threats Have Increased Since the Pandemic

Many SMB business owners invest in the basics, like antivirus software, but don’t necessarily think about attacks beyond that. But the world has changed, both in terms of how businesses operate and the types of cybersecurity attacks that can be leveraged to harm your company.

With the rapid and unexpected shift to work from home environments and employees using their own devices, many businesses were underprepared for the types of attacks they would be facing, from those launched through email or SMS, to phishing, insider threats, and even in-person cybersecurity attacks.

According to SecurityWeek, hackers and others with malicious intent will continue to target SMBs critical to the supply chain of larger enterprises in 2022, largely because their security measures are less sophisticated. And when an attack does happen, it can cause reputational, operational, financial and legal implications that could cripple your business operations.

Consider these statistics:

  • Cybercrime complaints to the FBI’s Internet Crime Complaint Center have more than tripled since the start of the pandemic.
  • Three-fourths of SMBs said they don’t have sufficient personnel to address IT security, even if they have the budget.
  • Deloitte reported that from February to May 2020, “more than half a million people globally were affected by breaches in which personal data of video conferencing users was stolen and sold on the dark web.”
  • Since COVID-19 many organizations have had exploits and malware that evaded their intrusion detection systems and anti-virus solutions, according to research from the Ponemon Institute.
  • Data from the US National Cyber Security Alliance revealed that 60% of small businesses that suffer a cyber attack fold within six months.

Given that many businesses can’t recover from a cybersecurity attack, would you know what to do if your business was attacked?

Proactive and comprehensive planning is critical to the livelihood of SMBs, and one way to begin creating a solid plan is by assessing the layers of the OSI model and whether your protection spans every layer.

An Introduction to the OSI 7-Layer Model

OSI stands for Open Systems Interconnection, and it’s a framework used to describe functions of a networking system. Rules and requirements of the model support interoperability between each of the seven layers, as well as other products.

At ARMOUREYE , we group the layers into three categories, including:

  • Hardware or Lower Layer
  • The Heart of OSI
  • Software or Upper Layer

Each group of layers is independent of one another, yet linked to the other layers. When one layer isn’t secure, all layers become vulnerable.

Common types of attacks to the Hardware/Lower Layer include sniffing, wired equivalent privacy attacks, IP smurfing and address spoofing attacks.

The Heart of OSI, known as the Transport Layer, could be exposed to routing information protocol attacks, SYN flooding, and sequence number prediction attacks.

Closest to the end user, the Software/Upper Layer is vulnerable to remote procedure call worms, portmapper exploits, phishing SSL/TLS session sniffing, network file system bugs, file transfer protocol, send mail, chosen protocol and version rollback attacks.

While you don’t need to understand every single layer or type of attack, it’s important to understand that attacks can happen at any of the layers and that it’s critical to have protection at all levels. A comprehensive plan offers multi-layer security, along with post-breech planning and recovery steps.

We’ll dive deeper into the OSI model and how it relates to cybersecurity in future blogs, as well as how you can improve your cybersecurity program using the NIST framework.

We’re Here to Help

Cybersecurity doesn’t have to be complicated. And while initial consultations can be $1,000 or more at other firms, ARMOUREYE offers a free, no-obligation consultation to help you assess your needs and how to protect your SMB against cybersecurity attacks.

A solid plan can keep disruptions to a minimum and keep you doing what you do best, running your business.

Request your FREE consultation (a $1,000 value).

SHIELD GUARDFebruary 3, 2022

Add Comment