As governments around the world mull over cyber security measures and possible new legislation, many small and medium enterprises are pondering whether internet security is a real concern for their businesses, either because they are too small, or they don’t have anything of value worth stealing.
Simon Campbell-Young, CEO of Phoenix Distribution, says the very idea that some companies might be too small to attract the attention of cyber criminals is absurd.
“Too many businesses get the notion that because they are small, they are immune to breaches. Sure, we’ve seen the likes of Sony, Target, RSA and Google who are worth billions fall foul of cyber crooks, but the fact remains that whether you are worth vast amounts or seemingly little, you are still at risk. In fact, it might just be the fact that you seem innocuous and not worth the hassle that puts you at risk.”
He says small businesses are as attractive to hackers as their enterprise counterparts. “This is for several reasons. Firstly, smaller businesses don’t have the same resources to throw at the security problem as the larger ones do, and don’t have departments dedicated to the problem, whose sole job is to prevent or mitigate attacks. Most smaller companies install the best security solutions they can afford and hope for the best.”
This is compounded by the fact that the risk to the smaller businesses’ existence should an incident occur is greater, because not only do they have less protection in place, they have less cushion and fewer resources to ensure they can recover from an attack. “For a small business, a breach can mean the difference between closing its doors or staying in business.”
He adds that while many believe the majority of attacks are committed by the dark criminal underworld, in reality, the biggest danger is often the company’s own employees. “Whether deliberate acts of sabotage, or mere negligence, insider threats can cause catastrophic damage, both in terms of the bottom line, and in terms of loss of reputation.”
He says that smaller companies are often at greater risk. “Too many times recently, we have seen headlines litter the news about how small businesses have been used as a means to target a larger entity. In fact, small businesses are being used more and more as a stepping stone to a more lucrative target, usually a third-party company they do business with on some level.”
Campbell-Young says the takeaway here, is that all companies are targets for cyber-crooks, no matter what their size, interests or revenues. “When talking about breaches, the common maxim today is that it is no longer a case of ‘if’ but rather of ‘when’. If your business has any information that a cybercriminal wants, or any links to another company the hackers have in their sights, you are vulnerable.“
As a result, cyber security must be real worry for all organisations. “Some of this concern may be driven by the increasingly tighter compliance regulations, or some by third-party partners who are extremely security aware. However, despite the costs involved, no business can afford to be slack about security. The downside of not having any can be disastrous in terms of business disruption, loss of reputation as well as damage to the bottom line.”