Hiroyuki Takahashi is a security engineer and evangelist in the Office of the CTO for Check Point Software Technologies. He has been working in the cyber security sector for over 15 years, providing guidance and leadership in the field of network security. In his current role with Check Point, he helps SMB organizations to improve security with MSSPs.
He is also one of Check Point’s SMB subject matter experts, driving and delivering proof of concepts, architecture, network designs, and security awareness.
In this exclusive interview, Hiroyuki Takahashi offers excellent insights into the world of cyber security for SMBs (small and medium-sized businesses). Discover how SMBs can improve their security posture and find out about what your management team can do to prioritize security. This is expert information that you don’t want to miss.
Why are SMBs perhaps more vulnerable to cyber attacks than larger organizations?
Large organizations understand the threats of cyber attacks and they invest in cyber security. However, SMB customers often cannot exactly understand the risk. As a result, they do not invest in cyber security and are open to many vulnerabilities that could lead to a cyber attack. In fact, 54% of attacks on SMBs are successful compared to only 7% of the success rate for large enterprises.
Based on everything that you have seen, what are key weaknesses in SMB security?
1. Lack of knowledge about IT/ cyber security: Many small businesses lack the technical capabilities to independently secure their systems. Therefore, it is important to engage with vendors and partners who can offer the proper solutions and advice tailored to SMB business requirements.
2. The attitude of SMB companies regarding cyber attacks. They never imagine that SMB companies would be the target of a cyber attack. They think that it is not worth it to invest in cyber security, so they do not create an adequate IT budget for it. Budget constraints often mean that SMBs are responsible for making decisions in areas for which they may lack expertise.
As a result, small business cyber attacks may not only cause huge levels of damage to SMB reputations, they can also result in the loss of critical assets and costs in order to fix the damage.
Where are organizations making missteps/wrong turns with their security programs?
The biggest risk is being unprepared. There are no short cuts you can take when it comes to cyber security. Being unprepared is the biggest cyber threat facing small businesses today.
How can SMBs address these problems/weaknesses?
SMBs need to correctly understand the risk of cyber threats. They need to choose a simple and all-in-one solution that can protect from all evolving threats.
Would SMBs benefit from working with an MSSP?
The most important thing is to maintain the security solutions with the correct settings. An MSSP can fully manage and maintain the optimum settings for the solutions from a remote environment. The MSSP can utilize an SMP (security management portal), which is bundled with an SMB appliance to provision security efficiently for small businesses.
What arguments can IT pros use to convince stakeholders that their SMB needs better security?
SMBs start to consider investing in cyber security after they have been a victim of an attack. However, it’s too late by then, so IT pros need to explain to stakeholders that SMBs are constantly at risk of attack and a damaged reputation by a breach. I do suggest analyzing the current risk correctly.
The best way to analyze the risk of cyber security is a no-cost Security CheckUp from Check Point. This can analyze the customer’s network and collect comprehensive data on active threats to the complete environment, including networks, endpoints and mobile devices.
How can CEOs, COOs and board members improve support for their SMB’s security initiatives?
They need to first understand that small businesses are an attractive target because they have information that cyber criminals can leverage, and they often lack the security infrastructure of larger enterprises.
An understanding of this risk will guide the implementation of security strategies, process changes, and justify security-related expenditures. They should liaise with their cyber security vendor to guide them through the risk analysis.