The UK government’s 2015 Security Breaches Survey, for example, found that 74 per cent of small organisations had reported a security breach in the last year – a significant increase on 2013 and 2014 survey figures.Many small businesses still adopt a mindset that they’re unlikely to be a target due to their size, and that hackers couldn’t possibly be interested in what they do. But in reality, the exact opposite is true. Hackers now view SMEs as a prime opportunity; with fewer financial and human resources, smaller companies represent a temptingly soft target in comparison to larger organisations which may be harder to penetrate directly. The findings of Symantec’s recent Internet Security Threat Report highlight the reality of this threat; 60 per cent of all targeted cyber attacks last year struck SMEs. Yet many smaller firms continue to leave their systems vulnerable to a cyber security breach, at the risk of reputation damage, loss of customer data, fines and potential company closure. Evaluating the reasons why In recent years, SMEs have embarked on numerous initiatives that have opened themselves to cyber security risk. Take, for example, the increased usage of cloud and mobile devices that access business-critical applications and IT infrastructures. Today’s SMEs will typically operate fairly complex on-premise, cloud or hybrid infrastructures, while mobile working is now a feature of daily activity for their workforces. Next, add the close collaboration partnerships with contractors and third parties into the mix; the extensive data sharing that goes on between these bodies represents a further risk vector. According to the Ponemon Institute’s recent 2016 research on the cyber security threat to small and medium-sized companies, web-based and phishing/social engineering attacks were the most prevalent attacks experienced. However, and rather worryingly, the Institute’s research found that almost one-third of the companies surveyed, could not determine the root cause of their security breach. Furthermore, its findings also pinpoint how the determination of IT security priorities is typically not centralised in SMEs; 35 per cent of respondents confirmed that no one function in their company determines IT security policies. Clearly, adopting a “laissez-faire” attitude to cyber security is no longer an option for small and mid-sized organisations. But the good news is that, without investing significant resources or undertaking a major overhaul of their IT teams, SMEs can initiate a three-step best practice approach that will help their corporate networks safe and secure. Step one: Network monitoring Implementing a network monitoring solution that delivers end-to-end visibility into the organisation’s IT security is a good first step. Providing alerts on major deviations from network traffic baselines, this technology can help identify potential attack profiles – like user datagram protocol (UDP) spikes. Network monitoring tools can also enable IT teams to spot potential data theft in real-time, by monitoring for suspicious use of unusual protocols for a specific device or URL. IT teams can also use network monitoring solutions to document instances of unauthorised or unwanted usage of company or public assets – and pinpoint when large files containing sensitive data are transmitted.
Read more on cyber security:
- Tempering the threat of Trojans: SMEs can fight back against banking malware
- The future of cyber security – it’s smarter than the humans
- Who takes accountability for the insider risk?
Share this story