Are Media Reports of Small Business Cyber Attacks Just the Tip of the Iceberg?

Business Problem

According to PwC’s annual report The Global State of Information Security Survey 2015, there was an increase in security incidents of 48% over 2013.¹ The report concludes:

“…many organizations are unaware of attacks, while others do not report detected incidents for strategic reasons or because the attack is being investigated as a matter of national security. It seems certain, given the technical sophistication of today’s well-funded threat actors, that a substantial number of incidents are successful but not discovered.”

So if incidents are rising, and yet many attacks are not being reported, what does this mean to small business? Are they being overlooked by the hackers? Are small businesses in general not really at risk?

The PwC report goes on to say:

“Small firms often consider themselves too insignificant to attract threat actors – a dangerous misconception. It’s also important to note that sophisticated adversaries often target small and medium-size companies as a means to gain a foothold on the interconnected business ecosystems of larger organizations with which they partner. This dangerous reality is compounded by the fact that big companies often make little effort to monitor the security of their partners, suppliers, and supply chains.”

PwC defines a small business as one with less than $100M annual revenue.

Lesson Learned

Small business executives and owners must understand that they are at greater risk of cyber attack than they realize. There are more than 3 billion users on the global Internet and a large number of them want what every small business has. By getting large quantities of personal and business information, they can sell it to the highest bidder on hacker e-commerce sites. The Internet underground is well organized and well funded and can easily monetize stolen small business information.

Key Message

Invest the time to better understand how cyber risk could be affecting your organization and how it should be managed. Even small businesses with a few employees are a target and need to take steps to protect the organization. Remember, cyber risk management involves examining not just technology but people and the entire business ecosystem (partners, suppliers, clients) they interact with. IT Security alone will never be able to adequately address the problem.

Source for more information
¹ PwC’s The Global State of Information Security Survey, 2015.

Cyber Exposures of Small and Mid-Size Businesses – A Digital Pandemic

Source: Advisen Ltd

Advisen wrote a white paper that examines the cyber threat landscape of small and mid-sized businesses (SMBs), explains the phenomenon surrounding their cyber-risk complacency, and offers actionable suggestions for effectively managing network security risks. The free, 12-page paper is sponsored by The Hartford.

Addressing Small Business Cyber Threats

Gone are the days when small and medium-sized businesses (SMBs) were able to neglect network security with little consequence. Today, countless organizations of all sizes are victimized daily, and in many cases with crippling effect. This unfortunate trend is highlighted in Symantec’s 2014 Internet Security Threat Report, which found that SMBs (defined as having fewer than 250 employees) accounted for more than half of all targeted attacks (61 percent) in 2013. This was an 11 percentage point increase from the previous year. In another study by the National Cyber Security Alliance, it was reported that 20 percent of small businesses fall victim to cybercrime each year. Advisen data shows similar trends. Of all the cyber incidents tracked by Advisen since 2000, SMBs represent approximately 60 percent of the total cases.

Despite these statistics, many SMBs choose not to take even rudimentary steps to keep themselves safe and to prepare to respond to an attack. This general lack of cyber threat knowledge and overall complacency put these companies at risk.