December 4, 2019 • The Recorded Future Team
When most people think about threat intelligence, they think about large organizations. Perhaps a telecom provider that needs to stay ahead of nation-state hackers, or a financial institution that wants to keep track of APT group activity in their industry.
However, it’s not only large organizations that need to worry about cyberattacks. In fact, small and medium-sized businesses (SMBs) have long been popular targets for cybercriminals, ranging from lone wolves all the way up to organized crime syndicates.
For obvious reasons, SMBs have smaller security budgets, which generally means they have more potential security weaknesses to target. While the payoff for breaching an SMB might not be on the same scale as that of a larger organization, the effort-to-cost ratio could be very attractive to cybercriminals.
Let’s examine how SMBs can use threat intelligence to enhance their cybersecurity programs.
SMB Cyber Threats Are No Small Matter
As a rule, cybersecurity headlines are dominated by attacks against (and breaches of) very large organizations — the “Targets, Yahoos, and Marriott Internationals” of the world. However, these headlines don’t really reflect the types of organizations being targeted by cybercriminals.
According to research by Symantec, a massive 65% of cyberattacks target SMBs. While these attacks (and the breaches they lead to) are not as high profile as attacks against larger organizations, they are no less damaging.
According to Verizon’s Data Breach Investigations Report, 43% of all breaches affect SMBs. And as security firm 4iQ noted in its 2019 Identity Breach Report, the number of SMB breaches has increased by an incredible 424% since 2017.
While the dollar amounts associated with SMB breaches are lower than those we see highlighted in media reports about attacks on larger companies, the stakes are actually higher for smaller companies. All of these attacks and breaches add up to a serious financial headache for SMB owners and executives. On average, SMBs lose $80,000 per year as a direct result of cyberattacks. Individual losses vary substantially depending on the size of the company affected — ranging from around $2,000 to more than $1 million — but nearly always cause a tremendous strain on available resources.
A survey of more than 1,300 SMB owners found that more than 80% lack the financial resources to recover from a cyberattack or data breach. It’s no surprise that, according to some estimates, as many as 60% of SMBs go out of business within six months of a cyberattack.
Threat Intelligence for Small Businesses
For obvious reasons, SMBs have much smaller security budgets than larger companies. Unfortunately, despite these constraints, there is still a great deal to be done to protect against cyberattacks — often much more than seems possible given the available resources.
Threat intelligence helps SMBs make better decisions about how and where to allocate their security resources by making their existing security teams more efficient.
Common use cases include:
1. More Effective Vulnerability Management
Vulnerability management shouldn’t be treated as a numbers game. While there may be dozens of vulnerabilities present in an SMB’s network environment, only a small fraction of them are likely to be exploited at any given time. Threat intelligence helps SMB security teams identify the most important vulnerabilities — generally those that are being actively exploited or included in exploit kits — so they can prioritize their efforts accordingly.
2. Better Decision-Making
When you have a limited security budget, making good investment decisions is critical. In an industry that’s heavily buzzword-oriented, however, it can be difficult for SMBs to identify the tools and technologies that are most important for their organization. Using threat intelligence, IT and security leaders at SMBs can strengthen their understanding of the types of threats they are likely to face, and plan their security initiatives and investments accordingly.
3. Faster Incident Response
Responding to security incidents is a major part of any security team’s workload. When incidents are dealt with quickly, they are far less likely to lead to a breach. Rapid incident response can only be achieved when security teams have access to the information they need to identify and resolve security incidents, though. Threat intelligence integrates with existing security technologies to provide SMB security teams with a manageable stream of alerts, devoid of time-wasting false positives, so they can be used to quickly identify potential threats and respond appropriately.
4. Rapid Breach Containment
As we’ve already seen, the cost of containing security breaches can easily force SMBs out of business. The longer it takes to identify and contain a breach, the more it costs. Threat intelligence provides SMB security teams with the indicators of compromise (IOCs) they need to spot potential breaches, while helping them to identify stolen records the moment they appear for sale online. This information helps SMBs identify and contain breaches far more rapidly, leading to drastically reduced costs.
Leveling the Playing Field
SMBs face an uphill challenge to secure their environments against cyber threats, perhaps even more so than larger organizations. Threat intelligence helps SMBs build strong cybersecurity programs from the ground up — from planning initiatives and investment decisions, to quickly identifying and containing data breaches.
If your organization isn’t currently using threat intelligence, there’s an easy way to get started. Sign up for our free Cyber Daily newsletter to receive the top cybersecurity intelligence direct to your inbox each morning. That includes:
- Top targeted industries
- Most active threat actors
- Most exploited vulnerabilities
- Trending malware
- The latest suspicious IPs
- And much more
Subscribe today and start using this intelligence to keep your organization safe from cyber threats.