Ever get that feeling you’re being watched? In simpler times, you might have been labeled paranoid. But these days you’re probably right. No matter the size of your business, cyber criminals are working overtime to find a way to get in. They’re trying to steal your money, your data, or your access. Think you’re too small to be on their radar? Think again. If you have a bank account, you’re a target.
The threat of being compromised by cyber crime looms larger every day. If you’re not thinking about it, you’re among the most vulnerable. Fortifying your cyber security posture should be seen as an essential part of doing business, like balancing the books and managing employees. The threat matrix is constantly mutating; the volume of intrusions is increasing, but attacks are also becoming more sophisticated and targeted. Until recently, the supposed solution was to build an impenetrable perimeter around your digital infrastructure and network assets, throwing up firewalls and the like in an attempt to keep out the bad guys.
Unfortunately, your employees are no longer operating behind the cosseted confines of the corporate firewall. More often than not, they work on a mobile device that leaves the office with them. They stay connected through various Wi-Fi points, most of which are less than secure, and some of which may be hacker traps. Traditional perimeter security measures can’t cover those remote and mobile users, leaving the organization’s data and assets at tremendous risk.
Most of the cyber attacks that make the news are about big dollars and big players – eBay, Lowe’s, and Target, not to mention those devious Chinese generals. Large commercial and government organizations supposedly have the capabilities, staff and resources to buy the latest security products and get them to work together to fend off attacks and root out intruders. SMBs are just beginning to acknowledge the reality that they are faced with exactly the same cyber security challenges as their larger counterparts, and must defend their assets even though they have smaller IT budgets and teams.
The security industry has let SMBs and SMEs down. Their incentives are clear: call out and create urgency around the latest security threat, produce a targeted solution to address the problem, and sell it at premium prices to the large organizations with the resources to implement it. Obviously, this model is not accessible or sustainable for SMBs. They are left to fend for themselves, which is frightening when you consider that small business accounts for nearly 50 percent of the US GDP. The more SMBs stick their head in the sand, the easier they are to prey on.
You must become more aware of the nature of threats you are facing. Assuming you are too small a target to be of interest to online thieves is no way to protect your hard-earned assets and customers. The National Cyber Security Alliance (NCSA) has warned that one-third of all cyber-attacks now target SMBs, and of those small businesses that experience an attack, 60 percent will close within 6 months. Criminals targeting SMBs aren’t as interested in stealing intellectual property and trade secrets – they’re going straight for the cash. They may trick you into paying them money, steal it from your customers by obtaining their credit card data, or drain it straight from your bank account (and don’t assume you’re insured against this type of loss).
However, because they are often connected to larger enterprises through supply chains and outsourced service contracts, vulnerable SMBs can also be targeted by sophisticated cybercriminals looking for a way to tunnel into more protected targets. The recent breach at Lowe’s, for example, was traced to a single unsecured back-up system at a small driver safety business that was a third-party vendor for Lowe’s human resources management.