Cyber attack is a high-stakes situation for SMBs, says regional vice-president of Fortinet

SMB customers are investing in the cloud and cloud-based applications due to their scalability, lower upfront infrastructure costs, and support of a mobile workforce and customer base. But these are not without risk. “For SMB customers, a cyberattack is a high-stakes situation, as reports show that 60% of small businesses close within six months of a breach,” says Rajesh Maurya, regional vice-president, India & SAARC, Fortinet. In a recent interaction, he shares with Sudhir Chowdhary his expertise to help SMB businesses mitigate cyber risks as they fight advance attacks, limited budgets and lack of skilled person in their digital transformation journey. Excerpts:

What are the cyber risks an SMB is exposed to?

Investments in technology and digital transformation of business brings many benefits to SMBs, but they are not without risk. Adding solutions to the stack increases the attack surface at a time when cyberattacks are becoming faster, more sophisticated, and persistent. For SMB customers, a cyberattack is a high-stakes situation, as reports show 60% of small businesses close within six months of a breach.

As organisations add technical capabilities, they have to be aware of—and take steps to mitigate—threats such as ransomware, DDoS attacks, malware, phishing, insider threats, and more. SMB leaders are taking steps to invest in security and minimise their susceptibility to cyberattacks, with 25% of small businesses and 62% of mid-market businesses noting intentions to increase security budgets. The challenge is to identify the most effective solutions within their limited budgets to get maximum business benefits.

Why do cybercriminals target SMBs?

SMB customers’ concerns regarding cyberattacks are warranted, especially as Verizon’s 2018 Data Breach Investigations Report found that 58% of all breaches in the past year occurred at small businesses —exceeding those at large corporations. Cybercriminals have zeroed on these organisations as a focus area, primarily because of the data that they have. Many SMB customers store data that is just as valuable to cybercriminals as that of larger companies—be it payment information, healthcare records, or other personally identifiable information. Having this information makes SMBs viable targets for attack. As this data is so critical to operations, smaller businesses are more likely to pay a ransom to get this information back in the event of a ransomware attack.

Do the limited resources of SMBs also limit their ability to protect themselves?

Absolutely. Not only do these organisations have much of the same valuable information as larger companies, but they typically have fewer security controls in place, or may rely on legacy systems that are no longer supported with regular updates, or that cannot share threat intelligence to identify and respond to threats at the digital speeds today’s attacks require. Part of the reason is that SMBs do not have the same level of resources and expertise to devote to securing their network as enterprises.

Finally, only 40% of SMBs have formal protocols in place in the event of a breach and 42% are unsure which security measures they should have in place for cloud use. While larger enterprises may have security professionals, the cybersecurity skills gap has priced many smaller companies out of this possibility.

What are the sweet spots for Fortinet in the Indian SMB market?

The SMB market is seeking to increase its level of cybersecurity, and needs a knowledgeable, reliable partner to help them evaluate their security requirements. Fortinet’s Unified Threat Management solutions provides security across an organisation’s network while simplifying management through deep functional integration and single pane of glass visibility. Fortinet also offers cloud management and reporting, secure switches, and access points that have all been designed with functionality, interoperability, and security in mind.