More than half (54%) of organizations experienced at least one type of cybersecurity incident in the past year, with 39% reporting two or more. These incidents have included ransomware attacks and interruptions of business applications and processes.
Many mid-market companies are aware of the risks, but don’t have plans to address them. The National Center for the Middle Market said that while 86% of mid-market firms consider cybersecurity an important concern to their business, more than half lack a sufficient strategy to combat the growing cyber risks they face. An alarming 30% of the companies surveyed said they had no cybersecurity action plan.
The NCMM has now launched the Cybersecurity Resource Center, the first of its kind specifically designed to serve the needs of mid-market firms with cybersecurity planning and resources. The center features up-to-date data and resources for mid-markets to analyze and address their risk level. It also offers insights on how to train people, develop processes, and deploy technology to prevent attacks and recover from them if they do happen. The Cybersecurity Resource Center‘s components were developed by experts from The Ohio State University Fisher College of Business, Grant Thornton, LLP, Cisco Systems, and SunTrust Banks.
Vishal Chawla, national managing principal for Grant Thornton LLP’s Cyber Risk Advisory practice, said firms need to understand their threat profile in the same way that criminals do. “In today’s global threat environment, cybersecurity is about protecting your critical business assets and managing cyber attacks proactively—so they don’t become business crises,” said Chawla.
Overcoming the challenges
Many organizations said they’re having trouble meeting these challenges, because they lack the resources and manpower. One research study found that cybersecurity professionals need bigger budgets, more detailed goals and metrics added to manager’s objectives, more cybersecurity professionals on staff, and better training to make employees more cognizant of cyber risks.
A white paper on cybersecurity preparedness and response said companies need to build a security-aware organization with policies and procedures sanctioned by management. And since companies still face a high risk of being attacked in any given year, they also need a detailed plan on how their organization would respond or recover in the event of one.
NCMM’s Cybersecurity Resource Center features a self-assessment framework to help companies understand their risks. It also offers access to the Cisco Global Malware Heat Map which presents a global picture of where malware is originated and features locations host, names, organizations and IP addresses to find where the biggest threats are in real time. There are even informational videos and tutorials and white papers from government agencies, technology companies and consulting firms.
Thomas Stewart, executive director of the NCMM, said while many mid-markets realize the importance of cybersecurity, they lack the scale to create a robust program from scratch. He said the center can “bridge the gap” between awareness and effective security.