Cyber-attacks: small business – big threat

Cyber-attacks and hacking are rarely out of the news these days. In the last week alone there have been lurid headlines about damaging DDoS cyber-attacks on popular online notes and web clippings service ,Evernote, social media dashboard application, TweetDeck, and news site, Feedly, affecting millions of users. Cyber-attacks, however, are not the exclusive preserve of the big players in the market: small and medium-sized businesses are also frequently targeted by organised criminals for their data.

These attacks rarely make the headlines, but their consequences are every bit as damaging. If there’s a difference, it’s a matter of scale. When large companies suffer embarrassing and costly data breaches, they will suffer financial losses and damage to their reputation: when a small company is attacked, the consequences can be catastrophic. Some small businesses may in fact never recover at all.

So just how serious is the problem of cyber-threat? Are small businesses particularly vulnerable? Well, the Verizon 2013 Data Breach Investigations Report found that small businesses were particularly vulnerable to attack. It reported that 62 per cent of all reported cyber-breaches were targeted at smaller organisations. Verizon also estimated that this number was conservative: the reported figure was based on the assumption that these small businesses were aware of the breach: many smaller organisations would not be in a position to tell. More worryingly PC World reported in August, 2013, that of the small businesses who reported suffering a cyber-breach; roughly 60 per cent went out of business within six months of the attack.

These figures beg the question, why are small business so vulnerable to cyber-attack? The answer is that the nature of the threat has changed. Cyber-attacks were historically used to achieve notoriety: now cybercriminals are known to run their operations like businesses and look for new ways to maximise the return on their investment. Unfortunately this new model of cyber-threat makes small business particularly vulnerable, as few SMEs have the IT resources or necessary expertise to implement and manage security systems, and that unfortunately makes them prime targets.

So what can small businesses do to protect themselves from cyber-threat? Well, they can certainly make use of traditional cyber defences like firewalls, spam blockers and anti-virus software, but these won’t necessarily deter the determine hacker, or protect data accessed on BYO devices or stored in cloud-based applications like Dropbox, Salesforce or Evernote where sensitive data is stored and accessed outside the network. Small businesses need to keep a close eye on their valuable information; they will only be able to identify attacks and prevent information loss if they are able to monitor their data and identify who has access to this information both inside and outside of the network.

The way in which we store, access and share data is evolving; unfortunately the same applies to the threat of cyber-attack. That’s why it’s important for SMEs to regularly review their systems and evaluate their security posture against the current and evolving security threats and risks to which they are exposed. The focus for small business information security now needs to be on preventing attacks and protecting data and preventing, rather than restricting access to it.

If you are concerned about the escalating security challenges facing your small business today and would like to take precautions, then why not speak to Krypsys? Krypsys’ services are focused on helping you assess your security posture against current and evolving security threats and educating you on the risks to which you are exposed. We have a wealth of experience in security projects in both the public and private sectors and have worked with organisations to protect high value information assets such as trading platforms, e-commerce systems, data-centres and cloud services. We also work with leading IT security vendors and specialist consultancies to close the gaps in your own IT security strategy and to assist in streamlining and prioritising your risk management spending.

Whether you’re looking for help with penetration testing and security reviews, or are looking for advice on security compliance and web security solutions, Krypsys can help you. For more information on web security solutions, please contact Krypsys on 01273 044072 or [email protected].