What SMBs Can Learn from Big Company Cybersecurity Breaches

Alex Cipher, 13 min read

In today’s digital landscape, cybersecurity breaches have become a significant concern for businesses of all sizes. While large corporations often make headlines when they fall victim to cyberattacks, small and medium-sized businesses (SMBs) are not immune to these threats. In fact, SMBs can learn valuable lessons from the cybersecurity breaches experienced by larger companies. These lessons are crucial as SMBs often lack the extensive resources and dedicated security teams that larger enterprises possess. By understanding the vulnerabilities and mistakes that led to major breaches, SMBs can implement effective strategies to protect their own operations.

High-profile breaches, such as the Equifax incident, have underscored the importance of executive accountability in cybersecurity (Verizon Data Breach Investigations Report, 2024). Similarly, the SolarWinds breach highlighted the need for robust third-party vendor management (Cisco’s SMB Cybersecurity Report, 2024). These incidents, among others, provide a roadmap for SMBs to enhance their cybersecurity posture by prioritizing leadership involvement, strengthening vendor relationships, and adopting advanced security models like Zero Trust.

Moreover, the human element remains a critical factor in cybersecurity, as demonstrated by the MGM Resorts ransomware attack, which was initiated through social engineering tactics (Dark Reading, 2024). By investing in employee training and awareness, SMBs can significantly reduce the risk of breaches caused by human error. Additionally, the importance of proactive security measures, such as regular security audits and incident response planning, cannot be overstated. These strategies not only help in identifying vulnerabilities but also ensure a swift and coordinated response in the event of a breach.

As SMBs navigate the complex cybersecurity landscape, learning from the experiences of larger companies can provide invaluable insights. By adopting best practices and avoiding common pitfalls, SMBs can safeguard their operations and maintain the trust of their customers.

Lessons Learned from Big Company Breaches

Prioritising Executive Accountability

One of the most critical lessons from major corporate breaches is the importance of executive accountability in cybersecurity. High-profile breaches, such as the Equifax breach, highlighted the need for leadership to prioritise cybersecurity at the top level. In the Equifax case, the breach exposed the personal data of nearly 150 million individuals, largely due to delayed patching of known vulnerabilities. This incident underscores the necessity for executives to take ownership of cybersecurity strategies and ensure timely updates to security systems.

SMBs can learn from this by establishing a culture where cybersecurity is a boardroom priority. Leadership should allocate resources for regular security audits and ensure that cybersecurity policies are enforced across all levels of the organisation. Unlike larger corporations, SMBs often lack dedicated security teams, making it even more crucial for executives to lead by example and champion robust security measures.

Strengthening Third-Party Vendor Management

Big company breaches often reveal vulnerabilities in third-party vendor relationships. For instance, the 2020 SolarWinds breach compromised thousands of organisations, including government agencies and Fortune 500 companies, through a software update from a trusted vendor. Attackers exploited weak access controls and inadequate monitoring of third-party systems to infiltrate sensitive networks.

SMBs, which frequently rely on third-party vendors for IT services, must implement stringent vendor management practices. These include conducting regular risk assessments, requiring vendors to adhere to strict security standards, and monitoring vendor activities for unusual behaviour. SMBs should also consider limiting third-party access to only the systems and data necessary for their operations, reducing the potential attack surface.

Implementing Zero Trust Architecture

Large-scale breaches, such as the 2024 National Public Data breach, have highlighted the need for organisations to adopt Zero Trust security models. In this breach, attackers gained access to sensitive data, including Social Security numbers, by exploiting weaknesses in access controls. The Zero Trust model operates on the principle of “never trust, always verify,” requiring continuous authentication and authorisation for all users and devices attempting to access network resources.

SMBs can benefit from adopting Zero Trust principles to protect their limited resources. By implementing multi-factor authentication (MFA), segmenting networks, and continuously monitoring user activities, SMBs can significantly reduce the likelihood of unauthorised access. While implementing Zero Trust may seem resource-intensive, SMBs can start with incremental steps, such as enforcing MFA and securing critical assets first.

Enhancing Employee Training and Awareness

Human error remains a significant factor in many corporate breaches. For example, the 2023 MGM Resorts ransomware attack was initiated through a social engineering attack that tricked an employee into revealing sensitive credentials. This incident underscores the importance of employee training in recognising phishing attempts and other social engineering tactics.

For SMBs, investing in regular cybersecurity training for employees is essential. Training should cover recognising phishing emails, creating strong passwords, and understanding the risks of sharing sensitive information. SMBs can also simulate phishing attacks to test employee awareness and identify areas for improvement. Given their limited resources, SMBs can leverage free or low-cost training tools to educate their workforce effectively.

Building Resilient Incident Response Plans

Major breaches, such as the 2024 Southern Water infrastructure breach, have demonstrated the critical need for a well-defined incident response plan. In this case, the lack of a coordinated response exacerbated the operational and reputational damage caused by the attack.

SMBs can learn from these incidents by developing and regularly updating their incident response plans. A robust plan should outline roles and responsibilities, communication protocols, and steps for containment and recovery. SMBs should also conduct regular drills to test their response capabilities and ensure that all employees understand their roles during a cybersecurity incident. Additionally, SMBs can consider partnering with cybersecurity firms to access expertise and resources during a breach.

Leveraging Real-Time Threat Intelligence

Big companies often fall victim to breaches because they fail to act on real-time threat intelligence. For instance, the 2024 UnitedHealth breach revealed that attackers exploited known vulnerabilities that had been flagged in threat intelligence reports. This highlights the importance of staying updated on emerging threats and acting promptly to mitigate risks.

SMBs can leverage real-time threat intelligence to identify and address vulnerabilities before they are exploited. Tools that provide insights into the latest attack methods and indicators of compromise can help SMBs stay ahead of cybercriminals. While SMBs may lack the resources for advanced threat intelligence platforms, they can subscribe to free or affordable services that provide timely alerts and actionable recommendations.

Investing in Proactive Security Measures

High-profile breaches often expose the consequences of reactive security approaches. For example, the 2024 data breaches affecting over a billion records demonstrated the need for proactive measures, such as regular vulnerability assessments and penetration testing.

SMBs can adopt a proactive approach by conducting regular security assessments to identify and address weaknesses in their systems. Investing in endpoint protection, firewalls, and intrusion detection systems can also help SMBs detect and prevent attacks before they cause significant damage. Additionally, SMBs should prioritise patch management to ensure that all software and systems are up-to-date with the latest security fixes.

Learning from Industry-Specific Breaches

Certain industries are more frequently targeted due to the value of their data. For example, the healthcare sector has been a prime target for ransomware attacks, as seen in the 2024 ransomware incidents that crippled healthcare organisations. These breaches underscore the importance of industry-specific security measures, such as encrypting sensitive data and implementing strict access controls.

SMBs in targeted industries can learn from these incidents by adopting tailored security practices. For instance, healthcare SMBs should ensure compliance with regulations like HIPAA and implement measures to protect patient data. Similarly, financial SMBs should focus on securing payment systems and protecting customer financial information.

Addressing Supply Chain Vulnerabilities

Supply chain attacks, such as the Kaseya ransomware attack, have shown how attackers exploit vulnerabilities in interconnected systems to target multiple organisations. These incidents highlight the need for businesses to assess and secure their supply chains.

SMBs can mitigate supply chain risks by conducting due diligence on their suppliers and partners. This includes evaluating their security practices, requiring compliance with security standards, and monitoring their activities for potential threats. SMBs should also consider diversifying their suppliers to reduce reliance on a single vendor, minimising the impact of a potential breach.

Emphasising Data Minimisation

Large-scale breaches often expose excessive amounts of sensitive data, as seen in the 2024 National Public Data breach. This incident highlights the importance of data minimisation—collecting and retaining only the data necessary for business operations.

SMBs can reduce their risk by implementing data minimisation practices. This includes regularly auditing data storage, securely deleting unnecessary information, and limiting access to sensitive data. By minimising the amount of data stored, SMBs can reduce the potential impact of a breach and simplify compliance with data protection regulations.

Conclusion

This section has provided actionable insights for SMBs to learn from big company breaches. By prioritising executive accountability, strengthening vendor management, adopting Zero Trust principles, and investing in employee training and incident response planning, SMBs can significantly enhance their cybersecurity posture. Leveraging lessons from industry-specific breaches, supply chain vulnerabilities, and data minimisation practices further equips SMBs to navigate the evolving threat landscape.

Common Cybersecurity Mistakes to Avoid

Overlooking the Importance of Employee Training

One of the most significant cybersecurity mistakes SMBs make is underestimating the role of employee training in preventing breaches. The Verizon Data Breach Investigations Report (DBIR) 2024 revealed that 82% of breaches involved a human element, such as phishing or social engineering attacks. SMBs often fail to train employees on recognizing phishing emails, avoiding suspicious links, and securely handling sensitive data.

Unlike large enterprises, which frequently conduct simulated phishing exercises and mandatory cybersecurity training sessions, SMBs often lack the resources or awareness to implement such measures. This gap leaves employees vulnerable to manipulation by attackers. SMBs can address this by investing in affordable training programs, such as those offered by platforms like Infosec Institute, which provide tailored solutions for smaller businesses.

Relying on Outdated Technology and Software

Another common mistake is the reliance on outdated software and hardware, which often lack the latest security patches. According to Cisco’s SMB Cybersecurity Report 2024, many SMBs continue to use legacy systems that are no longer supported by vendors. This leaves known vulnerabilities unpatched and open to attackers.

Large companies typically have dedicated IT teams to ensure timely updates and upgrades, but SMBs often delay these due to budget constraints or operational disruptions. To mitigate this risk, SMBs should prioritize implementing automated patch management systems and consider migrating to cloud-based solutions that include regular updates as part of the service.

Weak Password Policies

Weak or reused passwords remain a significant vulnerability for SMBs. According to ArcherPoint 2025, many SMBs still use default credentials like “admin/admin” or fail to enforce password complexity requirements. This makes it easy for attackers to gain unauthorized access to systems.

In contrast, larger organizations often implement multi-factor authentication (MFA) and robust password policies to enhance security. SMBs can adopt similar practices by using password management tools like LastPass or Dashlane, which generate and store strong, unique passwords for each account. Additionally, enforcing MFA across all critical systems can significantly reduce the risk of unauthorized access.
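The checks described in this section can be enforced at the moment a password is set. The following is an added example, not code from the article or from any product it names; the deny list, the 12-character minimum, the three-character-class rule and the function names are all assumptions chosen for illustration.

```python
import hashlib
import hmac

# Constructed deny list of default username/password pairs (illustrative).
DEFAULT_PAIRS = {("admin", "admin"), ("admin", "password"), ("root", "root")}
MIN_LENGTH = 12  # assumed policy value, not taken from the article


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so the password history never holds plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def policy_violations(username, password, history=(), mfa_enabled=False,
                      critical=False):
    """Return the reasons a proposed credential fails policy (empty = pass).

    history: (salt, digest) tuples for the account's earlier passwords.
    """
    problems = []
    user, pw = username.lower(), password.lower()
    if (user, pw) in DEFAULT_PAIRS:
        problems.append("default credential pair")
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if user and user in pw:
        problems.append("contains the username")
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    if sum(classes) < 3:
        problems.append("fewer than 3 character classes")
    # Reuse check: re-derive with each stored salt, compare in constant time.
    if any(hmac.compare_digest(hash_password(password, s), d) for s, d in history):
        problems.append("reuses an earlier password")
    if critical and not mfa_enabled:
        problems.append("critical system without MFA")
    return problems


if __name__ == "__main__":
    # Constructed sample accounts: (username, proposed password, MFA, critical)
    old_salt = b"constructed-salt"
    old = [(old_salt, hash_password("Teal-Harbor-42-kite", old_salt))]
    samples = [
        ("admin", "admin", False, True),
        ("jsmith", "Teal-Harbor-42-kite", True, True),
        ("jsmith", "Quiet-Lantern-77-moss", True, True),
    ]
    for name, pw, mfa, crit in samples:
        print(name, policy_violations(name, pw, old, mfa, crit) or "OK")
```

The history holds only salted PBKDF2 digests, so the reuse check works without the system ever storing an earlier password in recoverable form.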

Ignoring Regular Security Audits

SMBs frequently neglect regular security audits, leaving them unaware of vulnerabilities in their systems. Larger enterprises conduct routine penetration testing and vulnerability assessments to identify and address potential risks proactively. SMBs, however, often perceive these measures as costly or unnecessary.

Affordable options for SMBs include partnering with managed security service providers (MSSPs) or using tools like Qualys Vulnerability Management to perform automated scans. Regular audits can help identify outdated software, misconfigured systems, and other weaknesses before they are exploited by attackers.

Failing to Implement Data Backup and Recovery Plans

Data loss due to ransomware attacks or system failures can be catastrophic for SMBs. According to S2 Cyber 2024, over 60% of SMBs affected by significant cyber incidents shut down within six months. Many SMBs fail to implement robust data backup and recovery plans, leaving them unable to recover critical data after an attack.

Large companies often use redundant systems and offsite backups to ensure business continuity. SMBs can adopt similar strategies by leveraging cloud-based backup solutions like AWS Backup or Microsoft Azure Backup. It’s also essential to regularly test recovery procedures to ensure data can be restored quickly and efficiently in the event of an incident.

Misconfiguring Cloud Services

Cloud services have become increasingly popular among SMBs due to their scalability and cost-effectiveness. However, misconfigurations in cloud environments are a common mistake that can expose sensitive data. A report by Tech.co 2025 highlighted that misconfigured cloud storage buckets are a leading cause of data breaches.

Large enterprises often employ dedicated cloud security teams to manage configurations and monitor access controls. SMBs, on the other hand, may lack the expertise to secure their cloud environments adequately. To address this, SMBs can use tools like AWS Trusted Advisor or Microsoft Secure Score to identify and remediate misconfigurations.

Neglecting Endpoint Security

With the rise of remote work, endpoint security has become a critical concern. SMBs often fail to secure devices used by employees to access company resources, making them vulnerable to malware and other attacks. According to Dark Reading 2024, many SMBs do not enforce endpoint protection measures such as antivirus software or device encryption.

In contrast, larger organizations deploy endpoint detection and response (EDR) solutions to monitor and protect devices in real-time. SMBs can implement similar protections by using affordable EDR tools like SentinelOne or CrowdStrike Falcon, which are designed for businesses of all sizes.

Underestimating Supply Chain Risks

SMBs often overlook the cybersecurity risks posed by their supply chains. Attackers frequently target smaller vendors and suppliers as a way to infiltrate larger organizations. According to ExpertBeacon 2025, supply chain vulnerabilities are expected to increase in 2025, making it crucial for SMBs to assess the security practices of their partners.

Large companies typically require vendors to comply with strict security standards and conduct regular assessments. SMBs can adopt a similar approach by using frameworks like the NIST Cybersecurity Framework to evaluate and improve supply chain security.

Inadequate Incident Response Planning

Finally, many SMBs lack a formal incident response plan, leaving them unprepared to respond effectively to a cybersecurity breach. Larger organizations often have dedicated incident response teams and predefined playbooks to handle various scenarios. SMBs, however, frequently rely on ad hoc responses, which can exacerbate the impact of an attack.

To address this, SMBs can create a basic incident response plan that includes roles and responsibilities, communication protocols, and steps for containment and recovery. Resources like the SANS Incident Response Plan Template can help SMBs develop and implement an effective plan.

By addressing these common mistakes, SMBs can significantly improve their cybersecurity posture and reduce the risk of costly breaches.

Conclusion

In conclusion, the cybersecurity landscape is fraught with challenges that require businesses, regardless of size, to be vigilant and proactive. The lessons learned from high-profile breaches in large companies offer a wealth of knowledge for SMBs striving to enhance their cybersecurity measures. By prioritizing executive accountability, strengthening third-party vendor management, and adopting a Zero Trust architecture, SMBs can build a robust defense against potential threats.

Furthermore, the importance of employee training and awareness cannot be overstated, as human error remains a significant vulnerability in cybersecurity. Regular security audits, incident response planning, and leveraging real-time threat intelligence are essential components of a comprehensive cybersecurity strategy. These measures, coupled with proactive security investments, can significantly reduce the risk of breaches and ensure business continuity.

As the digital landscape continues to evolve, SMBs must remain adaptable and informed. By learning from the mistakes and successes of larger enterprises, SMBs can navigate the complexities of cybersecurity with confidence and resilience. Ultimately, a proactive and informed approach to cybersecurity will not only protect SMBs from potential threats but also enhance their reputation and trustworthiness in the eyes of their customers.

References

  • Verizon Data Breach Investigations Report, 2024
  • Cisco’s SMB Cybersecurity Report, 2024
  • Dark Reading, 2024
