
VSEC Blog: IT Security Channel News brought to you by Infinigate UK


SMBs: Cybercrime's Number 1 Target

Topics: Cyber Attack, Cybercrime, Malware, SMB's, Firewall

Posted: 27 February 2019

Small business is taking a cyber-pounding

With the headlines focusing on the more high-profile victims of cyber breaches, you could be forgiven for thinking that the SMB sector is overlooked by hackers in favour of the big prize targets such as Ashley Madison, Three Mobile, Facebook, Yahoo, LinkedIn and Target. That isn’t the case: SMBs are in fact taking the brunt of cyber-attacks and in some cases providing a route into the bigger high-profile targets…

Survival of the fittest…

Statistically, 43% of cyber-attacks hit small businesses, and only 14% of small businesses rate their ability to mitigate cyber risk, vulnerabilities and attacks as highly effective. Coupled with the fact that the cost of a breach to a small business can be anywhere in the region of £65,000 to £115,000, if not more, it’s no wonder that 60% of SMBs go out of business within 6 months of a breach. Given the opportunistic nature of most hacks, it is safe to say that SMBs aren’t being targeted specifically; rather, they expose a wider range of vulnerabilities and therefore fall foul more readily than the average enterprise.

Understandably the smaller businesses may not have the resources available to defend themselves in the same way the average enterprise can, but they still hold valuable data (such as customer data which could be used for identity theft) which would be deemed a worthwhile opportunity for hackers. In addition to the data they hold they may also provide hackers a route into a larger company, as was the case with the Target breach in 2013.

Blind spots…

The most common attacks small businesses fall foul of are (more than one choice permitted):

  • 49% Web based
  • 43% Phishing / Social engineering
  • 35% Malware
  • 26% SQL Injection

What this tells us is that a two-fold approach is required to address these issues…

Firstly, it’s clear there is a shortfall in cyber security awareness within the SMB community, which can only be corrected through education and process implementation. Employees should be educated about the various risks they face when accessing an unfamiliar website or opening a link in an email from an unfamiliar source. There should be guidelines in place on password complexity and how often passwords should be changed. A clear process needs to be defined on how to manage sensitive data. There need to be documented usage guidelines readily available, with periodic updates carried out to ensure employees have a clear understanding of the risks and how to spot and avoid them.


Secondly, and equally important, is the need for network perimeter protection. That ISP-provided router just isn’t cutting it anymore. At most these routers provide a stateful firewall, but with no gateway AV or IPS they offer little protection for the devices connected to them. You could argue that most machines have some form of endpoint AV, but with the ever-increasing threat from fileless malware this is no longer enough. Next-gen perimeter defence is a must in this day and age, and there are plenty of NGFW (Next Generation Firewall) solutions aimed squarely at the SOHO market with a range of protective features previously only found in enterprise-grade hardware. For little more than the cost of the latest, greatest smartphone, an NGFW armed with IPS, GeoIP, Gateway AV, DPI-SSL and advanced threat protection can be implemented with the aid of a security consultant or by the in-house IT team.

One such offering is SonicWall’s entry-level range, which offers all of the bells and whistles you’d find in an enterprise offering, neatly packaged in a small form factor desktop unit.


Posted by: Dion Phillips
Senior Technical Consultant, Infinigate UK
