The UK government’s 2015 Security Breaches Survey, for example, found that 74 per cent of small organisations had reported a security breach in the last year – a significant increase on 2013 and 2014 survey figures.
Many small businesses still adopt a mindset that they’re unlikely to be a target due to their size, and that hackers couldn’t possibly be interested in what they do. But in reality, the exact opposite is true. Hackers now view SMEs as a prime opportunity; with fewer financial and human resources, smaller companies represent a temptingly soft target in comparison to larger organisations which may be harder to penetrate directly.
The findings of Symantec’s recent Internet Security Threat Report highlight the reality of this threat; 60 per cent of all targeted cyber attacks last year struck SMEs. Yet many smaller firms continue to leave their systems vulnerable to a cyber security breach, at the risk of reputation damage, loss of customer data, fines and potential company closure.
Evaluating the reasons why
In recent years, SMEs have embarked on numerous initiatives that have opened them up to cyber security risk. Take, for example, the increased usage of cloud and mobile devices that access business-critical applications and IT infrastructures.
Today’s SMEs will typically operate fairly complex on-premise, cloud or hybrid infrastructures, while mobile working is now a feature of daily activity for their workforces. Next, add the close collaboration partnerships with contractors and third parties into the mix; the extensive data sharing that goes on between these bodies represents a further risk vector.
According to the Ponemon Institute’s recent 2016 research on the cyber security threat to small and medium-sized companies, web-based and phishing/social engineering attacks were the most prevalent attacks experienced. However, and rather worryingly, the Institute’s research found that almost one-third of the companies surveyed could not determine the root cause of their security breach.
Furthermore, its findings also pinpoint how the determination of IT security priorities is typically not centralised in SMEs; 35 per cent of respondents confirmed that no one function in their company determines IT security policies.
Clearly, adopting a “laissez-faire” attitude to cyber security is no longer an option for small and mid-sized organisations. But the good news is that, without investing significant resources or undertaking a major overhaul of their IT teams, SMEs can initiate a three-step best practice approach that will help keep their corporate networks safe and secure.
Step one: Network monitoring
Implementing a network monitoring solution that delivers end-to-end visibility into the organisation’s IT security is a good first step. Providing alerts on major deviations from network traffic baselines, this technology can help identify potential attack profiles – like user datagram protocol (UDP) spikes.
Network monitoring tools can also enable IT teams to spot potential data theft in real-time, by monitoring for suspicious use of unusual protocols for a specific device or URL. IT teams can also use network monitoring solutions to document instances of unauthorised or unwanted usage of company or public assets – and pinpoint when large files containing sensitive data are transmitted.
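The baseline-deviation alerting described in step one, sketched as an added example (it is not from the article or from any vendor's product). The per-minute UDP byte counts are constructed sample data, and the function name, window and threshold are assumptions chosen for illustration.

```python
from statistics import median

# Constructed sample: UDP bytes seen per minute, as a flow collector might export.
UDP_BYTES_PER_MIN = [
    1200, 1350, 1100, 1280, 1420, 1190, 1310, 1250, 1380, 1220,  # normal traffic
    1290, 98000, 104000, 1330, 1270,                             # spike at 11 and 12
]


def find_spikes(series, window=10, threshold=6.0, min_mad=1.0):
    """Return (index, value, baseline) for samples far above the rolling baseline.

    The baseline is the median of the last `window` accepted samples and the
    spread is the median absolute deviation (MAD), so a single outlier barely
    moves either. Flagged samples are kept out of the history, which stops a
    sustained flood from becoming the new "normal".
    """
    history = list(series[:window])
    alerts = []
    for i in range(window, len(series)):
        value = series[i]
        base = median(history)
        # Floor the MAD so a perfectly flat baseline cannot divide by zero.
        mad = max(median(abs(x - base) for x in history), min_mad)
        # 1.4826 scales MAD to be comparable with a standard deviation.
        score = (value - base) / (1.4826 * mad)
        if score > threshold:
            alerts.append((i, value, base))
        else:
            history = history[1:] + [value]
    return alerts


if __name__ == "__main__":
    for minute, value, base in find_spikes(UDP_BYTES_PER_MIN):
        print(f"minute {minute}: {value} bytes of UDP against a baseline of {base:.0f}")
```

The same function can be run per protocol or per device; the threshold needs tuning against a period of known-good traffic before its alerts are trusted.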
Step two: Penetration testing
Properly conducted penetration testing can do more than simply demonstrate the real-world effectiveness of existing security controls when facing attack by a legitimate hacker. It can also determine the feasibility of certain attack vectors and deliver an accurate assessment of the magnitude of the operational impact in the event of a successful breach.
Ideally, penetration testing should be undertaken on a regular basis, and should be initiated in particular whenever end-user policies are changed, a new office goes online, or if security patches are installed.
Step three: Log management
Utilising a simple automated log management tool for critical systems will help to flag any suspicious activities alongside commonly audited access and permission changes. Use these tools to track, alert and report on events like access and permission changes to files, folders and objects. Collecting common log types – Syslog, Microsoft event or W3C/IIS – will help the IT team identify potential threat incidents. Finally, protect access to key information like employee records, patient or financial information.
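A minimal version of the flagging described in step three, as an added example that is not from the article or any log management product. The syslog lines are constructed samples in the classic BSD layout, and the three rules and their category names are assumptions; a real deployment would carry a much larger rule set.

```python
import re

# Constructed sample lines in the classic BSD syslog layout.
SAMPLE_LOG = """\
Mar  3 09:14:02 files01 sshd[2211]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2
Mar  3 09:15:40 files01 sudo:    alice : TTY=pts/0 ; PWD=/srv ; USER=root ; COMMAND=/bin/chmod -R 777 /srv/finance
Mar  3 09:16:05 files01 usermod[2290]: add 'temp01' to group 'sudo'
Mar  3 09:17:11 files01 sshd[2301]: Failed password for invalid user admin from 203.0.113.7 port 41822 ssh2
Mar  3 09:18:30 files01 sudo:    bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/apt update
"""

# Header fields: timestamp, host, program, optional [pid], then the message.
HEADER = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^\s:\[]+)(?:\[\d+\])?:\s*(?P<msg>.*)$"
)

# Illustrative rules (assumed names): (category, program, pattern on the message).
RULES = [
    ("permission_change", "sudo", re.compile(r"COMMAND=\S*/(chmod|chown|setfacl)\b")),
    ("group_change", "usermod", re.compile(r"^add '\S+' to group '\S+'")),
    ("failed_access", "sshd", re.compile(r"^Failed password for ")),
]


def flag_events(log_text):
    """Return one dict per log line that matches an access or permission rule."""
    events = []
    for line in log_text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # not a syslog line in this layout; skip rather than guess
        for category, prog, pattern in RULES:
            if m["prog"] == prog and pattern.search(m["msg"]):
                events.append({"category": category, "time": m["ts"],
                               "host": m["host"], "detail": m["msg"]})
                break
    return events


if __name__ == "__main__":
    for event in flag_events(SAMPLE_LOG):
        print(f'{event["time"]} {event["host"]} [{event["category"]}] {event["detail"]}')
```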
Implementing these best practices and technologies won’t cost a fortune and can be undertaken in a relatively short time frame. The aim of the game is to prevent a data breach, and it all begins with understanding where your vulnerabilities are – and then determining the best way to redress these.
Michael Hack is SVP of EMEA operations at Ipswitch