While small and medium businesses (SMBs) may not always be the priority for cybercriminals, they must still remain vigilant and not treat cybersecurity as a mere afterthought.

The good news is that more SMBs have become increasingly aware of this. A recent Cisco study found that Singapore-based SMBs are now more aware of cybersecurity threats and have begun implementing strategic initiatives to improve their cybersecurity practices.

45% ranked phishing as the top cyber threat, followed by unsecured laptops (22%), targeted attacks from malicious actors (15%) and the use of personal devices (11%). Since the pandemic began, 80% have upped their investment in cybersecurity solutions, compliance, monitoring, talent, training and insurance.

72% have completed scenario planning for or simulations of possible cybersecurity incidents in the past year, with the majority having established cyber response (78%) and cyber recovery plans (81%).

Additionally, 82% of those who have completed scenario planning or simulations identified weak spots in their cyber defences, with 94% of these SMBs possessing the correct technologies but lacking staff qualified to use them. A similar percentage said they had excessive technologies and were having issues integrating them.

While these statistics are encouraging, what are some cybersecurity trends SMBs should stay on top of for 2022?

Developing a cybersecurity strategy

An all-rounded, extensive cybersecurity strategy is the first and most important step for SMBs to prepare for and protect against cyber threats. This strategy should cover not just employee and end-user training but also plans for crisis communication and business continuity to ensure quick recovery in the event of an attack.

SMBs must also bear in mind that cybercriminals are continually refining their tactics to get around cybersecurity protocols, making it imperative to constantly upgrade their cybersecurity strategies to better anticipate and handle cyber threats and attacks.

Cloud-based operations for better defence

An increasing number of SMBs have turned to cloud-based operations in recent years. A 2019 study by Cisco found that by 2017, 70% of mid-market firms had begun hosting networks in the cloud, up from 55% in 2014. 68% of the respondents surveyed in the study believed the cloud offered better data security, and 49% said it helped them close gaps in their limited number of internal IT hires.

Robust cloud security operations should respond reactively to cyber attacks detected by an SMB’s cybersecurity tools, and proactively search for attacks that may have evaded previous reactive detections.

At the same time, SMBs should be sure to avoid silos between network operations centres (NOCs) and the security operations centres (SOCs), so as to allow multiple internal parties to provide data to help handle threats and prevent attacks.

Establishing a common infrastructure and merging the processes of NOCs and SOCs will drive better cross-organisational communication and more efficient data sharing and access, all at a lower cost — both pre-emptively and reactively.

Outsourcing cybersecurity

Often, SMBs outsource cybersecurity tasks to make up for a lack of internal resources, as well as to improve their knowledge of cyber threats.

Outsourcing cybersecurity also ensures professional round-the-block data protection, threat detection, and recovery from attacks, provided by certified experts who can customise cyber protection according to their clients’ business needs.

Furthermore, outsourcing cybersecurity is cost-efficient, thanks to common costs, estimates to help clients determine essential services, and the elimination of a need for employee benefit packages typically offered to internal staff.