Modern Cyber Security for SMBs: Expectations vs. Reality

The cyber security threat to small and medium-sized businesses has never been so apparent, with hackers growing in number and sophistication.


2021 was the year when cyber security made its mark on Ireland like no other. The HSE attack was the event that pushed cyber awareness to the front of people's minds. The truth is that the HSE was just one of many organisations that were breached last year. A recent study from a well-known cyber security provider shows that there was a 50% increase in cyber-attacks on companies in 2021 compared to 2020 [1]. This year we are expecting a similar trend. According to PwC, more than 60% of Irish businesses expect cybercrime to increase this year, a higher level than their global counterparts.

So why a surge in cyber threats?

Since early 2020, we’ve seen a vast increase in remote working, cloud adoption, bring your own device (BYOD), and IoT (Internet of Things), as SMBs digitally transform themselves to enable a flexible and hybrid workforce. All these moving parts create gaps in a business’s cyber security. Cyber-criminals often target the self-employed and SMBs, as they lack the resources that large businesses have to invest in cybersecurity [2]. SMBs and the self-employed who become targets of a cyber-attack can end up facing financial and operational consequences, from which some may never recover.

For hackers, the barriers to entry into the world of cybercrime are low and the rewards are typically high. In 2021, Microsoft reported that ransomware-as-a-service is now available: aspiring hackers can sign up for ransomware campaign software for a monthly fee. Ransomware is a type of malicious software (malware) that threatens to publish or blocks access to data or a computer system, usually by encrypting it, until the victim pays a ransom fee to the attacker. In many cases, the ransom demand comes with a deadline. If the victim doesn’t pay in time, the data is gone forever or the ransom increases [3].

It’s not only ransomware that is growing in popularity. The Law Society reported in The Irish Times recently that clients of a solicitor sent money to a fraudster’s account after a cyber-attack. The incident involved an employee clicking on a link inside a phishing email that led to an attack called “Account Takeover”. The breach allowed the criminal to “stalk” the solicitor’s email account for a period and then fraudulently misdirect funds to an overseas bank account, costing the law firm’s customers thousands and damaging the solicitor’s reputation. It takes years to build up a great reputation with customers, but it only takes one breach to leave a business’s reputation in tatters.

What can SMBs do to defend against attacks?

Gone are the days of simply implementing traditional security tools like endpoint protection (anti-virus and anti-malware) and a firewall. These tools may protect you to a point, but the siloed and reactive nature of these security tools may be leaving your business vulnerable to security gaps, unknown zero-day threats, and other vulnerabilities.

Furthermore, there is a human aspect to this. People are trying to be focused, flexible and productive while working from home, but as we know, people can fall prey to sophisticated scams and phishing emails. Cyber awareness training helps to reduce the risk, but businesses need a safety net in the event of human error.

Modern Cyber Security Posture

Today, SMBs need a modern cyber security posture. A proactive and joined-up approach to cyber security is required, utilising a combination of the latest security technology and an added layer of monitoring that puts “eyes on glass”, i.e. a security team to watch over the entire IT environment.

The modern cyber security approach uses technology built upon integration and automation. Once the right tools are in place, they will output logs for any suspicious activity or notifications for new vulnerabilities detected, such as a missing security patch. Ideally, the events are monitored by a Security Operations team utilising an EDR (Endpoint Detection and Response) platform that gathers the logs and analyses them for threats. The Security Operations team is made up of experienced cyber security analysts who are trained to identify potential attacks and investigate them in real time, keeping organisations safe around the clock.

Innovative Service for SMBs

CommSec provides businesses with an innovative cybersecurity service called Business Secure. This service was designed with sole traders and SMBs (up to 25 users) in mind and provides the latest cyber security tools and EDR service for €50 per month (per user, ex VAT). You can sign up for this service directly online and start benefiting from CommSec’s proactive security service within two working days. As an introductory offer, if you sign up for 12 months, the cost is reduced, giving you 12 months for the price of 10.

Find out more about Business Secure