How to
Jonathan Crowe
Dec 2015

The 5th Day of Breach-mas: 5 Hidden Strengths to Make You More Secure

Photo by Source


Editor’s note: This is the fifth post in our “12 Days of Breach-mas” series — every day we’re sharing new tips and insights to help keep you more secure. For a recap of what you may have missed, see our summary post here.


If you've been following the Barkly blog you've heard our take on the proliferation of high-profile data breaches in the headlines before. On one hand, more mainstream coverage means more people talking about security, which is a good thing. On the other hand, limiting all the focus to big-name businesses and their dishy cybersecurity woes can reinforce the misconception that breaches are strictly an example of #bigcompanyproblems. 

That's a bad thing, because the stats show small- and medium-sized businesses have actually become even bigger targets than their enterprise counterparts, with 60% of all targeted attacks striking small businesses in 2014.

And that raises a discouraging quesiton:

If large companies with mammoth budgets and entire teams of security experts at their disposal aren't able to stop data breaches, what hope do small businesses have?

The good news is that being part of a smaller organization can actually provide you with certain natural advantages you should embrace. 

As the list below indicates, “big security” isn’t always better security, and just because big businesses have all the resources, that doesn’t necessarily mean they can deploy them quickly or efficiently.

Based on the idea that simple is easier to secure than complex, here are five ways you can turn what you may see as weaknesses into surprisingly powerful strengths. By leveraging them effectively, not only will security feel more manageable, you’ll also be able to accomplish more with less.


5 Cybersecurity Advantages You Never Knew You Had

1) A smaller attack surface is easier to defend

Think of your attack surface as all the different points that potentially expose your system to an attack. These can include open ports, web applications with potential vulnerabilities, users with access credentials, etc. The more complexity you introduce (the more users and types of users you add, for example), the larger the attack surface becomes.

By their nature, small businesses generally start out with a smaller attack surface. That’s an advantage they should try to hold onto as long as they can as they grow, taking steps to actively map, manage, and reduce their attack surface whenever possible. For more tips on how to do that, see OWASP’s Attack Surface Analysis Cheat Sheet.

2) A smaller system is easier to monitor

Having fewer machines also means you can watch them more closely without flooding a management system. Even the best security teams at large companies can get overwhelmed sorting through onslaughts of data. Having greater visibility and less noise to filter is a big advantage.

As you grow, you’ll want to investigate automation and continue to find ways to limit the information you have to process.

3) A fresh start can be even better than a head start

When you’re rolling out a new security initiative, starting out with a blank canvas can actually be a blessing in disguise. Larger companies often have a hefty amount of legacy baggage to deal with. Existing policies and solutions can pose significant hurdles to innovation, especially when they’re budget sponges or compatibility nightmares.

That’s also something to keep in mind during any purchase and policy decisions you make as your company grows. We’ll look into how the top five security technologies can integrate and enable each other in Part 3.  

4) A flat organization is easier to transform

Because smaller organizations tend to be flatter and more centralized, it’s easier to develop a true culture of security where everyone feels a sense of ownership and responsibility. Security policies and initiatives can also be better tailored to suit the specific needs of departments and individuals, allowing them to be more relevant and less general.

5) Fewer employees are easier to manage

When 77% of small business IT pros say employees are the single weakest link in their security infrastructure (CloudEntr) it’s easy to understand why having fewer of them can be an advantage. In addition to reducing your attack surface, it can also give you more opportunity for group as well as one-on-one training. That's key, because inspiring all of your employees to participate in the security of the company is what will ultimately pay the highest dividend.

For tips on training your employees effectively, see our eBook, The Realist’s Guide to Cybersecurity Awareness.

Bottom Line

Security can often seem complicated, but as the list above demonstrates, there’s power in simplicity. The more you can leverage these strengths in the early days of your security program, the better. As you grow, you’ll need to regularly revisit and adjust your approaches. That is why it’s so important to lay a solid foundation for your security now, so when it comes time to scale you can do so successfully, without things spiraling out out of control. 

Stay tuned for more actionable tips and advice during our “12 Days of Breach-mas” by subscribing to our blog below. 

Jonathan Crowe

Jonathan Crowe

Jonathan covers the latest threats and cybersecurity trends from a practical perspective.


Close the gaps in your security

Stop paying for AV, get the strongest protection instead. See how Barkly blocks attacks that are getting past AV.

See a demo


Stay informed!

Get the latest security news, tips, and trends straight to your inbox.