The recent unprecedented pandemic has enforced accelerated adoption of technology and digital capabilities across the businesses and enterprise ecosystem. It has enabled businesses of all sizes to transform their business models and customer engagements and launch new product and service offerings. The increased cloud migration, technology integrations, remote working, and ecosystem collaborations have created more business opportunities and a playground for cybercriminals with expanded targeted attack surfaces. In the age of Zero-Day Vulnerabilities and Zero Click Attacks, no business or enterprise is spared from the ever-growing sophisticated cyber threats.

Larger enterprises and specific industry verticals are forced to adopt stronger cyber resiliency and maturity capabilities to meet their business continuity plans, regulatory requirements and customer trust. The increasing cyber-attacks make it imperative for cybersecurity to be at the forefront of every business leader's mind. However, there is a general misunderstanding that only large-scale organizations are targets of a cyberattack; this ideology is lulling business leaders into a false sense of security. The Small and Medium Business (SMB) segments are not prepared for a cyber-attack of any nature, severity, or type. Woefully, SMB organizations do not have sufficient skilled cyber security resources, cyber defence budget, knowledge, and awareness to meet the required cyber readiness and resiliency.

Based on an article published by the Australian Small Business and Family Enterprise Ombudsman (ASBFEO) quotes from various studies that 87% of small businesses believe their business is safe from cyberattacks because they use antivirus software alone. The common misperception is that cyber criminals target only large organizations, or SMBs are the least targeted due to their small size or having less valuable assets. The article says that Small business targets 43% of all cybercrimes, and 22% of small businesses breached by the 2017 Ransomware attacks were so affected they could not continue operating. According to Verizon's 2021 Data Breach Investigations Report, 46% of breaches impacted small and midsize businesses. Also, as per one of the reports published by MYOB, 33% of companies with fewer than 100 employees don't take proactive measures against cyber security breaches.

As per Sophos report on cybersecurity experiences in India in 2021, 62% of SMEs were targeted for cyberattacks, with damages attributed to these exceeding Rs. 3.5 crores. Aside from the financial implications of a cyber-attack, the potential reputational damage associated with compromising customers' personal data can also be devastating for start-ups and SMBs. Small and medium businesses' most common cyber-attacks are Phishing, Malware, Ransomware, Social Engineering, Insider Threats, DDoS, DNS Assault, Cryptojacking, Password concentrating, etc.

It is imperative that SMB organizations adopt Cyber Security Best Practices as a culture with a "SecureFirst" mindset. The below top 5 approaches will help SMB organizations significantly improve their cyber resiliency and defence capability against constant attacks.

1. Continuous backup of all the relevant and required data
2. Building a Secure Culture with Security awareness and training initiatives across the organization
3. Strong Password protection policies, programs with Multi-Factor Authentication
4. Ensuring systems, software and applications with the latest updates and right configurations
5. Implement and practice baseline security controls, policies and programs regularly

Cybercrimes and attacks are getting sophisticated, autonomous, and evolving. Hence, small business leaders must implement a concrete, holistic cybersecurity strategy as those who don't will ultimately leave a door open for hackers and leave their most sensitive financial, customer and business data, and ultimately their companies, at significant risk.