Reducing the risk of a Cyber Attack is quickly becoming job number one for those administering an SMB’s network infrastructure. After all, Cyber Attacks constitute one of the biggest threats to operations and those threats are growing in ferocity and frequency, something the typical SMB operator fails to comprehend.
Although the news is rife with the details of the latest cyber-attack, intrusion or malware infestations, SMBs, for the most part, feel that those are threats to only the largest of businesses, and that the typical SMB is protected simply by anonymity. In other words, cyber criminals will simply ignore SMBs, because they are unaware of the existence of those small and medium businesses.
Nothing could be further from the truth, the Verizon Data Breach Investigative Report reveals that SMBs are the top targets of cybercriminals and suffer breaches more often than larger firms. What’s more, the impact of a breach on an SMB proves more devastating, with a study from the National Cyber Security Alliance stating that some 60% of SMBs cease operations within six months of a data breach.
Obviously the stakes are high, yet many IT pros have trouble explaining the potential devastation that a cyber-attack can wreck upon the typical SMB. Perhaps the best place to start is with the identification of why SMBs have become so targeted by the nefarious denizens of the web. One of the reasons that SMBs prove to be ripe targets is that the way most SMBs deploy security tools, which are ill equipped to combat today’s advanced attacks. Many SMBs rely on traditional security products, such as anti-malware products and basic firewalls, thinking that those products offer adequate protection.
However, the truth is that those products are woefully inadequate when it comes to targeted attacks, insider threats or advanced persistent threats. The reason being is that those technologies rely on approaches such as signature files, URL blacklists and static policies to mitigate attacks.
The simple fact of the matter is that most cyber attackers are very rational in how they target systems. In other words, there are strong incentives fueling the attack, which range from the value of the data that can be obtained (credit card information, user accounts, and so forth) to the likelihood that an attack will go undetected for weeks, months, or even years, if ever. Simply put, most of the defenses deployed by SMBs today are designed to deal with known threats and cannot counter the zero day or blended threats that are becoming all too common.
A survey by the Poneman Institute further paints the picture of SMBs taking a naïve approach to cyber security, with some 60% that do not consider cyber-attacks to be a big risk to their organizations, while 44% don’t consider strong security to be a priority. It is those misplaced beliefs that pose the largest challenge for those looking to keep SMBs’ systems secure, making worthwhile security suggestions fall on deaf ears.
However, the purveyors of SMB security solutions do have a strong ally on their side, one that is hard to ignore, and that is the financial argument. An argument that purveys the concept of what the cost of doing nothing is. Extensive research has been conducted on that very element, which can be summarized as the high cost of suffering an attack. For the financial impacts of a cyber-attack, SMBs can turn to an interactive info-graphic from Towergate Insurance, which offers a visual representation of collected facts and numbers.
The Ponemon Institute further highlights the financial burden in an NSBA report that states the average cost of a cyber-attack was over $8000, a significant amount of money to the typical small business. However, that cost does not include intangibles, such as down time, loss of business, remediation and so forth, meaning that the actual cost to an SMB is possibly far greater.
When armed with the right facts, garnering budget dollars for better security solutions should become a much smoother process. After all the argument quickly becomes one of not being able to afford doing nothing.
