Cyber criminals continue to aggressively target SMBs in the hope that their systems will be less robust than those of larger enterprise organisations.
Data theft and disruption (digital vandalism) are pure salmon on the menu for hackers, who either steal money from the business or pass details to other criminals and criminal organisations. The US in 2013 had 28 million SMBs, 66% of which contributed $7.5 trillion to the US economy. 36% of SMBs in the US suffered a cyber attack in 2012. The UK in 2014 had an estimated 5.2 million businesses employing 25 million people, with a combined turnover of £3.5 billion.
Common types of attack:
• Phishing – a scam email from a familiar-looking person or address that gets the user to reveal passwords or credit card details.
• Digital vandalism – Denial of Service (DoS), virus attacks or other malware used to interrupt a business, with a damaging cost impact.
• Data theft – this can paralyse a smaller organisation. The average cost to a US SMB in 2013 was $9,000. Of those attacked, it is estimated that 60% go out of business within six months.
Impact on business:
• Business lost during a cyber breach
• Loss of company assets (bank account details, passwords, customer records, company strategy, employee information)
• Damage to reputation – this can go on for years (and hacked websites can be quarantined for long periods by search engines, preventing new business from coming in).
• Risk of being sued – failure to protect customer information with reasonable measures could leave an SMB open to litigation.
• Vulnerability of the business through a lack of firewalls, encryption, anti-virus software, and staff monitoring and managing the protection of a company’s digital estate.
Failing to act is no safeguard. Understanding the infrastructure and its weaknesses is a first step to positive preventative action. Pen-testing offers a relatively cheap and often eye-opening analysis of risk and gaps.