Small businesses, whether they like to admit it or not, are vulnerable to many of the same cyber threats as their larger counterparts. A recent Keeper Security study uncovered a startling truth: two-thirds of small to medium-sized enterprises (SMEs) don't believe they will ever fall victim to an attack! This is a shocking stance, given the evidence to the contrary. In the year prior to this survey, 67% of businesses sustained cyberattacks of various degrees of severity. The study showed that a paltry 12% of SME leaders recognize that an attack is a matter of when and not if.
Why have so many SMEs assumed the first-little-piggie position?
Studies, like the Keeper Security survey, reveal that many in small-to-medium enterprises believe their businesses are simply not appealing to hackers by virtue of their size, their business model, or the type of product/service they offer. The dominant cyber-buzz surrounding the issue of cyber threats does nothing to subvert their conviction. The typical cyberattack horror stories involve large corporations, the big guns, and the decimation of their data defenses leading to the theft of millions of dollars. The takeaway that many SMEs run with is that small means safe. They are wrong!
It is true that large businesses are enticing targets for hackers because they store vast swathes of valuable data (credit card details, passwords, etc.), but SMEs have their own allure for the black hat. Often SME defensive strategies and resources are limited by their margins and, as we discussed, they may not even perceive themselves as vulnerable in the first place.
Even if attackers are not drawn by the data SMEs hold, they frequently sniff out the access to computing resources, be it cloud or locally hosted, that SMEs have at their disposal. Unprotected SME computing resources can clear a path for attackers to breach the defenses of larger enterprises. In this scenario, the SME can become the unwitting collateral victim of an attack on a larger business it may depend upon to survive. An example of this scenario is the 2013 Target attack, where an HVAC subcontractor inadvertently provided the conduit for the attack, costing Target an estimated $162 million.
Even the simple, tried and trusted failsafe of comprehensive password protection is not getting the love it deserves from SMEs. The Keeper survey reveals that despite 69% of respondents extolling the virtues of strong password policies as a cyber-attack prevention option, 60% actually have no prevention policy at all!
And let's not forget the other vulnerabilities that SMEs and big business share: employee/management/subcontractor carelessness or incompetence, disgruntled employees/ex-employees, and internal and external system failures.
So size doesn't dictate safety. What, then, can SMEs do to lessen their exposure to cyberattack and minimize post-attack fallout? Actually, quite a lot. Here’s our list of 20 tips to help SMEs build their Big-Bad-Wolf defense strategy:
There you have it: small may be beautiful, but it certainly isn't invisible. The best defense is a good offense and all that, so why wait? Implement these steps today and don't let that big bad wolf blow your house down.