McAfee’s study, “The Security Paradox” takes a look at how small and medium organizations that employ between 51-1,000 workers deal IT security and cyber threats. Both are, as it stands, on the rise for SMBs.
One scary point the report makes is that SMBs the world over(and especially in North America) feel as though they are too small and therefore hold too little value to be attractive to hackers. However, recent trends indicate quite the opposite.
SMBs exhibit quite a few traits that make them alluring to hackers and other ne’er-do-wells. Small and medium-sized businesses usually have a limited palette of resources. Their security measures are are usually out of date and inadequate. Their employees are often ill-equipped to deal with serious cyber threats. Taken together, these three problems equal big trouble for little businesses.
Jeff Green, Senior VP of McAfee Avert Labs confirmed, “High profile attacks [on larger enterprises] are becoming less frequent because they are often detected quickly. Attackers are favoring stealth attacks that quietly infiltrate systems [of small and medium businesses].”
To reverse this alarming trend, small and medium-sized businesses are going to have to make some sweeping changes that will affect the fundamentals of their budgetary concerns. Here are some scary statistics. Apologies in advance.
* 52% of SMBs believe they are not well known enough to be a target for cybercrime.
*46% believe hackers could not make any money by accessing their information.
* 45% of SMBs think they hold little value to hackers.
* 44% believe cyber crime is an issue for larger organizations.
* 35% of SMBs are not concerned about being a target of cybercrime.
* 34% don’t think their information has value outside the organization.
Even worse, a large percentage(74%) of SMBs allocate three hours or less each week to IT security. Also, half of the companies surveyed feel adequately protected by the default settings on their IT equipment. This is all, of course, podunk. The results of this ignorance has resulted in stolen data, downtime, decreased productivity, non-compliance, lost sales, and a tarnished reputation.
Businesses who fall prey to a cyber attack usually experience a week or more of downtime as they try to set everything right again. Real, out of pocket, costs hover at about $41,000. That’s a lot of office furniture.
So what are you supposed to do?
Well, it starts with attitude. Simply recognize that you are at risk and move on from there. Don’t lose sleep over it but do take baby steps every day to rectify the problem. Talk it over with your IT people. Invest in some protective software that goes above and beyond the default settings of your IT equipment. Most of all, pay attention. Your employees and your customers may be aware of problems before you are. Remember, just because you aren’t AT&T or the US government doesn’t mean you are not a value to hackers. You are a value to your customers, aren’t you?