If you think your business is too small to be targeted by hackers, you are in for an unpleasant reality. Automated exploits of common vulnerabilities can equally target victims of large enterprises as well as SMBs. And any sized company connected to the Internet is vulnerable. In fact, smaller companies are often targeted precisely because hackers know these organizations have weak security – and may provide a convenient “back door” to access connected business partners or a large parent enterprise.
Here are some points to consider regarding SMBs and cyber security:
- The direct and indirect costs of just one effective security breach can bankrupt a mid-to-small sized company. In 2014, the number of security incidents with confirmed data loss affected more small companies than large.
- The security threats and mandates for regulatory compliance affect all companies. Regulations regarding cyber security apply to large and small businesses alike. Unfortunately, it’s the SMBs that often don’t have the right staff or budget necessary to cost-effectively fight the threats and maintain compliance.
- Software vulnerabilities, which make it possible for many forms of malware and attackers to gain entry to protected systems, are equally detrimental to businesses large and small. The National Cyber Security Division of the U.S. Department of Homeland Security announces over 16 new flaws daily and according to Symantec, 77% of legitimate websites have exploitable vulnerabilities — another vulnerability not exclusive to enterprises.
- Symantic also found that the majority of successful spear-fishing attacks were against SMBs.
- Given the current cyber security threat landscape, businesses are demanding to see the security and risk management plans of those with which they do a significant amount of business. SMBs should be prepared to answer questions about their cyber security, disaster recovery and business continuity procedures. They want to know how security defenses are managed and how the SBM is protecting confidential information.