For Todd Moore, vice president (VP) of Encryption Solutions at Paris-based deep-tech solutions provider Thales, no industry or organization is immune to data breaches, and small to medium-sized businesses (SMBs) are particularly vulnerable.
Moore was joined by Carsten Maple, Professor of Cyber Systems Engineering at the University of Warwick, England, in a Linkedin Live event following the release of Thales’ 2022 Digital Trust Index that focuses on the current cyber threat landscape and building customers’ trust in today’s digital world.
Breaching lots of smaller organizations rather than one of the big organizations can be much more profitable for organized gangs, as it allows them to keep the awareness level down and stay out of the press, explained Moore. The media often does not deem it very newsworthy to cover the data breaches happening in smaller organizations.
Thales’ Digital Trust Index report showed that 20 per cent of customers are likely to leave a company after a major data breach. This represents a significant loss for smaller businesses that are dependent on a smaller customer base.
But our reliance as consumers on big organizations does not help smaller businesses either. The report showed that despite trusting big organizations the least, more than 80 per cent of consumers still want to use a big company after a data breach.
Interestingly, the report showed that only a fraction of consumers (31 per cent) want heavy fines levied against the big organizations for failing to protect customer data. Most wanted the company to immediately disclose that there had been a breach. SMBs can capitalize on that and seek to offer better communication and transparency to their customers, affirmed Moore.
SMBs can differentiate themselves by showing they care about their customers’ data, and are willing to go the extra mile to protect customer data and apply the appropriate security controls, said Moore.
“An SMB that puts security first will attract more new customers and retain them after a breach occurs. For an SMB, being able to show that they were well-prepared (from a data security perspective) before a breach will help stem the loss of customers after the breach.” said Moore.
He added that while SMBs can be particularly vulnerable, they are dealing with less complexity than bigger organizations, and can therefore contain “data sprawl” and communicate the immediate security measures they have put in place.
Moore recommends that all organizations, including SMBs, apply a straightforward security strategy: Discover, Protect and Control. This entails knowing where your critical data is situated, where it is moving (data flows and visibility), protect the data through encryption, tokenization and access controls, and finally, control the data via centralized key management and consistent security policies.
“SMBs may have the most to lose from a data breach. These smaller companies should be even more prepared to protect their company’s and their customers’ data. If SMBs don’t prepare themselves properly, consumer trust is difficult to gain, but very easy to lose.” said Moore.