
Securing small businesses from cyber attacks

Why are SMBs increasingly coming under attack from cyber criminals, and how can they stay safe? Davey Winder investigates...

Research suggests the SMB sector is coming under increasing pressure from hackers and cyber criminals.

A recent report by security vendor Symantec revealed that the number of businesses with fewer than 250 staff subjected to attacks doubled during the six months to the end of June 2012.

Rival security firm AVG reported that 3.37 million of damage was inflicted on UK SMBs by cyber criminals last year, and predicts this figure will rise.

Meanwhile, the majority of the 855 data breaches analysed in the 2012 Verizon Data Breach Investigations Report (DBIR) were perpetrated against smaller firms.

Casting an eye over the Verizon statistics, Kurt Hangerman, director of global compliance at FireHost, told IT Pro: "Seventy-nine per cent of breaches were against targets of opportunity, and 96 per cent were not difficult to conduct, meaning that cybercriminals are discerning when it comes to who they ultimately attack."

Shifting focus of cybercrime

Not everyone in the security business thinks the focus of cybercrime has shifted from large enterprise to small business, though.

Rik Ferguson, director of security research at Trend Micro, says the types of attacks inflicted on the enterprise and SMB market have "diverged and evolved", with firms at the larger end of the scale falling victim to "more sophisticated and finely targeted" onslaughts.

"[SMBs are] receiving the dubious attentions of the sophisticated, commoditised toolkits which have been years in development," he added.

The latter point is something Corey Nachreiner, director of security strategy at WatchGuard, agrees with.

"Attackers cast a wide net, using mass emails, automated SQL injection, or automated network attacks to opportunistically gain any victim," Nachreiner says. "Everyone is the target of this attack, whether they know it or not."

However, he also claims to have seen a marked rise in targeted spear-phishing attacks against SMBs. "One recent email appeared to come from ADP, a company that helps SMBs manage payroll (among other things)," Nachreiner recounts.

"This spear-phishing email seems to target accounting and HR folks at SMBs, in [the] hope of gaining access to their payroll systems."

There's no doubt smaller firms often make very attractive targets, not just because they tend to employ lower levels of security, but because of who they do business with.

Richard Wilding, cyber security director at BAE Systems Detica, explains: "Infiltrate [a] small company with a less secure network and a cyber criminal can use the information gathered to target [a] larger firm where the larger prize lies or to steal information the supplier has about the true target."

The attack surface

So just what kind of attacks and threats are SMBs most at risk from? Jacques Erasmus, Webroot's chief information security officer, claims smaller firms need to be on their guard against targeted, information-stealing Trojans.

"They are proving to be very successful and result in significant losses in many cases," he adds.

Meanwhile, Check Point's UK managing director, Terry Greer-King, says "blended attacks" using social media profiling to trick employees are most likely to succeed, simply because SMBs tend to have fewer layers of security.

Or, as Nick Connor, managing director and co-founder of Assuria, puts it: the biggest security threat to a small business is its staff.

"I suspect social engineering will continue to grow and small businesses in particular will be key targets as they fail to recognise the value of the data in the business or how to properly protect it," he adds.
