Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

SMB cyber resilience: what access and recovery controls are missing?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 11936
Topic starter  

TL;DR: Scattered Spider’s shift from retail to insurance and aviation, alongside Microsoft’s finding that 80% to 90% of ransomware targets are SMBs, shows how smaller organisations are being selected for weaker resilience and faster pay decisions, according to GlobalSign and Microsoft. The control gap is not size but preparedness: access, recovery, and incident response discipline now matter more than brand scale.

NHIMG editorial — based on content published by GlobalSign: why SMBs are increasingly targeted by cyberattacks and how they can respond

By the numbers:

Questions worth separating out

Q: What fails when SMBs rely on standard MFA without stronger identity governance?

A: MFA reduces password replay, but it does not solve over-privileged accounts, long-lived tokens, exposed certificates, or weak offboarding.

Q: Why do ransomware groups target smaller organisations with weaker identity controls?

A: They target organisations where disruption creates outsized pressure to restore service quickly.

Q: How do organisations know if identity governance is actually reducing ransomware exposure?

A: The strongest indicator is not how many policies exist but how quickly teams can identify, certify, and revoke high-risk access across employees, partners, and non-human identities.

Practitioner guidance

  • Implement identity inventory for all accounts and secrets Map human accounts, service accounts, API keys, certificates, and partner access into one control register so you can revoke, rotate, and review them together.
  • Test recovery against identity compromise Run tabletop and technical exercises that assume the attacker already has a valid account, token, or certificate.
  • Shorten the lifetime of privileged access Replace standing privileged access with time-bound elevation for admin tasks, especially on backup systems, cloud consoles, and remote support channels.

What's in the full article

GlobalSign's full article covers the operational detail this post intentionally leaves for the source:

  • How GlobalSign frames security partnerships and preconfigured controls for smaller organisations that need to reduce manual effort.
  • The article's discussion of AI use in SMB security, including where caution is needed before deploying it in live workflows.
  • The article's advice on incident response, data recovery, and communication planning for organisations with limited resources.
  • The source's commentary on certificate lifecycle pressure and why manual maintenance becomes harder as certificate lifetimes shorten.

👉 Read GlobalSign's analysis of why SMBs are increasingly targeted by cyberattacks →

SMB cyber resilience: what access and recovery controls are missing?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11491
 

SMB cyber resilience is fundamentally an identity governance problem. The article frames resilience as a budget issue, but the deeper issue is whether an organisation can see, control, and revoke the identities that attackers use first. MFA, certificate handling, and privileged access are part of the same control surface, and weak governance in any one area enlarges the blast radius. For practitioners, resilience starts with identity inventory and control ownership.

A question worth separating out:

Q: Who is accountable when a stored credential is abused during a breach?

A: Accountability sits with the organisation that owns the credential lifecycle, not the user who happens to know the password. If the enterprise allows unmanaged sharing, poor offboarding, or weak recovery validation, the governance failure is structural and should be mapped to IAM, security operations, and application ownership.

👉 Read our full editorial: SMB cyber resilience is now an access and recovery problem



   
ReplyQuote
Share: