Cyber Criminals Don’t Target Small Companies – Wrong! Wrong! Wrong!


A recent survey conducted on behalf of Kaspersky Lab came up with a range of startling and extremely worrying findings – not least of which was the belief of 82% of respondents from micro companies (those with under 10 staff) that they were too small to be of interest to cyber criminals. A similar level of delusion was apparent in the findings of the 2013 Verizon Data Breach Investigations Report.

To get some perspective, let’s remember that micro and SMB companies account for the vast majority of jobs in most global markets, and even in somewhere like the US account for over half of all sales. The proportions are even higher in smaller economies.

So, it’s already the case that the sector in general represents a valuable potential target from a commercial standpoint. Secondly, it should also be borne in mind that while a small business may not in itself be a target, it can provide a staging post for an approach to much larger game.

The very degree to which supply chains have been integrated by technology creates an opportunity for criminals to inject their presence into the equation.

Common attack vectors such as phishing or more targeted spearphishing depend on being able to present victims with emails coming from apparently trusted sources. So a compromised Word document or executable masquerading as a PDF attached to an order sent by a supplier greatly increases the chances of a successful delivery of the malware payload.

Of course, smaller companies are also likely to be easier to compromise than their larger cousins, who spend millions annually strengthening their cyber defences. They are less likely to update systems regularly on a company-wide basis, or to adopt standard security measures such as enforcing strong passwords or running (and checking!) regular backups. Remember how few organisations using XP actually upgraded their OS after Microsoft discontinued support in April 2014.

As in so many other areas, smaller businesses tend to need to sweat assets for as long as they possibly can. With cash-flow being so critical to SMBs, a large investment outlay will be avoided until the last minute (which in fact coincidentally has caused a faster uptake of cloud services from this very sector). Often smaller companies will have staff working on the road or from home, and distributed across multiple locations. So, unlike many larger entities, they are not defending a single network – but a series of different endpoints, some of which may be beyond their direct control.

Lower investment in cyber defence is also matched by a much reduced likelihood that a small company that has been compromised will actually notice. So, once a cybercriminal is in, they’re going to be around for a while. It’s more often than not the case that the victim will only know it’s been breached when told by a third party.

And if a small organisation has been compromised, what is the likely impact? Again, unlike larger corporates, who have the resources and processes available to absorb the cost and quickly recover, SMBs will typically struggle. In some instances such an attack can represent a threat to the very existence of the business (10% of respondents to Kaspersky said a breach would drive their company to the wall). The cost of an incident can be measured in the tens of thousands – at least – in terms of direct losses and business impact.

So, if you own a small company and think that no cybercriminal worth his salt will be interested in you – think again.

Your Friday To Do List

1) Check everyone uses a strong password (password and 123456 are NOT strong passwords!)

2) Make sure all of your system patches are up to date

3) Check when the last time was that you ran a successful backup – and make sure it happens every day

4) Deal with the weakest link – people. Make sure your staff are brought up to speed with a guide that will improve their cyber risk awareness. Cyber Streetwise is a pretty good starting point

Original article published on MXSweep
