Tag Archives: SMBs

UK’s SMBs battling average of five cyber attacks per annum

Small and medium-sized businesses (SMBs) in the UK have faced up to an average of five cyber attacks in the last 12 months. That’s according to research commissioned by online encryption specialists Appstractor Corporation that highlights the growing threat such businesses face from online criminals.

A significant number of IT decision-makers in these SMBs believe they’re being put at greater risk of attack because their security software isn’t keeping pace with the sophisticated nature of the attacks with which they’re confronted.

According to the new independent report entitled ‘Under Attack: Assessing the Struggle of UK SMBs Against Cyber Criminals’, some businesses (19%, in fact) faced as many as ten attacks in the last year. IT bosses who took part in the research survey suggested that one of the major causes for concern for SMBs in the UK is that security and encryption software is aimed at individual consumers or large corporations and Governments, meaning that it cannot be deployed effectively in a small business environment.

In fact, only 44% of IT decision-makers in SMBs believe that they’re able to properly protect themselves against cyber criminals using current software and systems when compared to the ability of large businesses to protect themselves.

A third believe that the UK’s small business community – which makes up 99% of businesses, according to the Federation of Small Businesses – is being “forgotten about” and placed at a higher level of risk when compared to its larger counterparts.

When it comes to the level of threat faced by these smaller companies, Appstractor Corporation’s research found that 17% of companies faced at least one attack in the last year, 28% were attacked two or three times, 32% faced four or five attacks and 19% were attacked between six and ten times.

A small proportion of companies – 2% – said that their company had been targeted up to 20 times in the last 12 months.

Commenting on the report, Paul Rosenthal (CEO and founder of Appstractor Corporation) agreed that current solutions were not up to scratch, but also said that some SMBs were making themselves an easy target for criminals.

“It’s the case that SMBs are at a disadvantage in the cyber security arms race because software and platforms are not being effectively designed for them, so they have to shoehorn consumer or large enterprise-grade solutions into their company which don’t work in small businesses. IT managers and small business owners need to rid themselves of their current ideas that they are too small to be targeted and so don’t have to worry about security and encryption software. The reality is that small businesses are being targeted by criminals more than ever before. Techniques like automated mass targeting are putting them at a serious and present risk of attack.”

Filed under Risk Xtra

SMBs need help to better understand cyber attack threats

Research by The Ponemon Institute reveals that over half of SMBs globally do not see cyber attacks as a significant risk.

Many small and mid-size businesses (SMBs) are potentially putting their organisations at risk because of uncertainty about the state of their security and threats faced from cyber attacks.

According to the ‘Risk of an Uncertain Security Strategy’ study conducted by The Ponemon Institute, senior management is failing to prioritise cyber security which, in turn, is preventing them from establishing a strong IT security posture.

Of 2,000 respondents surveyed globally, 58% confirmed that management does not see cyber attacks as a significant risk to their business. Despite this, IT infrastructure and asset security incidents, as well as wider security-related disruptions, were found to have cost these SMBs a combined average of $1,608,111 over the past 12 months.

Sponsored by Sophos, the research has also identified that the more senior the position of the decision-maker in the business, the more uncertainty there was surrounding the seriousness of the potential threat.

Three main challenges to strong security

“The scale of cyber attack threats is growing every single day,” said Gerhard Eschelbeck, CTO for Sophos, “yet this research shows that many SMBs are failing to appreciate the dangers and potential losses they face from not adopting a suitably robust IT security posture.”

According to the research, there are three main challenges preventing the adoption of a strong security posture: failure to prioritise security (44%), insufficient budget (42%) and a lack of in-house expertise (33%).

In many SMBs there’s also no clear owner responsible for cyber security, which often means it falls into the purview of the CIO.

“Today in SMBs, the CIO is often the ‘only information officer’ managing multiple and increasingly complex responsibilities within the business,” said Eschelbeck. “However, these ‘OIOs’ cannot do everything on their own. As employees are demanding access to critical apps, systems and documents from a diverse range of mobile devices, it would appear security is often taking a back seat.”

The study reveals uncertainty around whether Bring Your Own Device (BYOD) policies and the use of the cloud are likely to contribute to the possibility of cyber attacks. Some 77% of respondents said the use of cloud applications and IT infrastructure services will increase or stay the same over the next year, yet a quarter of those surveyed indicated they did not know if this was likely to impact security.

Similarly, 69% said that mobile access to business critical applications would increase in the next year, despite the fact that half believe this will diminish security postures.

“Small and mid-size organisations simply cannot afford to disregard security,” said Larry Ponemon, president of The Ponemon Institute. “Without it there’s more chance that new technology will face cyber attacks, which is likely to cost the business substantial amounts. CIOs are under pressure to implement new technology that informs agile and efficient ways of working, but this should not take precedence over security. The industry needs to recognise the potential dangers of not taking cyber security seriously and create support systems to improve SMB security postures.”

Key findings of the research

The study targeted SMBs in the United States, the United Kingdom, Germany and the Asia-Pacific Region (Australia, India, China and Singapore) to better understand how such organisations are managing security risks and threats.

Key findings of the study include:

• 58% of respondents say management does not see cyber attacks as a significant risk

• One-third of respondents admit they are not certain if a cyber attack has occurred in the past 12 months. 42% of respondents said their organisation had experienced a cyber attack in the past 12 months

• Respondents in more senior positions have the most uncertainty about the threats to their organisations, indicating that the more removed the individual is from dealing on a daily basis with security threats, the less informed they are about the seriousness of the situation and the need to make it a priority

• CISOs and senior management are rarely involved in decisions regarding IT security priorities. While 32% say the CIO is responsible for setting priorities, 31% say no one function is responsible

• 44% of respondents report IT security is not a priority. As evidence, 42% say their budget is not adequate for achieving an effective security posture. Compounding the problem, only 26% of respondents say their IT staff has sufficient expertise

• Respondents estimate that the cost of disruption to normal operations is much higher than the cost of damages or theft of IT assets and infrastructure

• Mobile devices and BYOD are much more of a security concern than the use of cloud applications and IT infrastructure services. However, these concerns are not preventing extensive use and adoption of mobile devices, especially personal devices

• Uncertainty about their organisations’ security strategy and the threats they face varies by industry:
o Respondents in financial services have more confidence, which can probably be attributed to the numerous data protection regulations
o The technology sector is also more security aware, which is probably due to the IT expertise that exists in these organisations
o Retailing, education and research and entertainment and media have the highest level of uncertainty about their organisations’ security strategy and the threats they face

Recommendations emanating from the research findings

• Organisations need to concentrate resources on monitoring their security situation in order to make intelligent decisions. While assessing where they stand on the security continuum, organisations need to focus on monitoring, reporting and proactively detecting threats

• Establish mobile and BYOD security Best Practice. Carefully plan and implement a mobile strategy so that it doesn’t have an impact on the overall security posture

• Organisations should look for ways to bridge the gap created by a shortage of information security professionals. Consider ways to free-up time for in-house resources, including a move to cloud technologies, security consulting and easy-to-manage solutions

• Measure the cost of cyber attacks, including lost productivity caused by downtime. Work with senior management to make cyber security a priority and invest in solutions that restore normal business activity more quickly for a high return on investment

• Organisations in all sectors are regularly breached and regulations are often simply the beginning of properly securing a network. Consider consolidated security management to gain a more accurate picture of threats that will help focus on problem areas

Filed under IFSECGlobal.com News