Scribd Logo
Upload

Welcome to Scribd!

  • No Business Is Too Small For SMB Cybersecurity

    Uploaded by

    Rick
    12 views3 pages
    No Business is Too Small for SMB Cybersecurity

    Original Title

    No Business is Too Small for SMB Cybersecurity

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    No Business is Too Small for SMB Cybersecurity

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    12 views3 pages

    No Business Is Too Small For SMB Cybersecurity

    Uploaded by

    Rick
    No Business is Too Small for SMB Cybersecurity

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    No Business Is Too Small for SMB Cybersecurity

    September 20, 2016 | By David Strom (https://securityintelligence.com/author/david-strom/)

    iStock (http://www.istockphoto.com/photo/beautiful-orist-turning-open-sign-at-shop-window-gm599498978-102920785?st=_p_small%20business%20open)

    Smaller businesses, like the HVAC company that caused the Target penetration in 2013 (https://securityintelligence.com/target-breach-protect-against-
    similar-attacks-retailers/), often think they are too small to be security targets, but SMB cybersecurity can have big implications. Size doesnt matter as
    long as your rm has something of value that someone thinks is worth stealing, or a connection that someone thinks is worth exploiting.

    In the case of Target, the retail chain had pretty solid cybersecurity practices in place. Its Achilles heel was a Windows server running on the HVAC
    vendors site that could be compromised. That server breach led to Targets point-of-sale system being infected with malware, resulting in millions of
    dollars in subsequent losses.

    Small Leaks Lead to Big Problems


    The leak of a pending merger, new product description or condential personnel memo can cause problems. None of these involve a lot of data in terms
    of megabytes, but all can inuence markets or compromise the reputation of a particular organization. The Im too small to be a target fallacy makes it
    easier to steal data and compromise SMB cybersecurity than to attack a large bank or other enterprise directly.

    Indeed, the more vertical the SMB market, the more likely it is to sustain attacks. Take a specialized medical device vendor, for example. Many of these
    devices are connected to the internet and have embedded servers. An attacker could potentially penetrate an entire hospital network
    (https://securityintelligence.com/ransomware-and-health-care-theres-more-at-risk-than-just-money/) by compromising a single device.

    SMB Cybersecurity Best Practices


    Tripwire (http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/the-im-too-small-to-be-a-target-fallacy/) oered some
    suggestions to improve SMB cybersecurity practice that wont cost millions, such as providing incentives through tax breaks or noncompliance nes to
    motivate SMBs to partner with a cybersecurity vendor to improve their posture and strengthen their security program
    (http://www.ibm.com/security/solutions/optimize-security-programs.html?ce=ISM0484&ct=SWG&cmp=IBMSocial&cm=h&cr=Security&ccy=US).
    Another idea is to emulate nancial rms and other large businesses by leveraging threat data and sharing best practices.

    Small businesses should also train employees to recognize phishing attacks. SMB rms often lack the security depth and training to recognize these
    scam emails, especially as cybercriminals get better at using insider information to make the communications more believable.

    Finally, SMB cybersecurity insurance should be made more available and attractive to help protect smaller companies from potential adverse eects.

    Tags: Best Practices (https://securityintelligence.com/tag/best-practices/) | Cybersecurity (https://securityintelligence.com/tag/cybersecurity/) | Security Awareness


    (https://securityintelligence.com/tag/security-awareness/) | Small and Midsize Businesses (SMBs) (https://securityintelligence.com/tag/small-and-midsize-businesses-
    smbs/)
    Share this Article:

    David Strom (https://securityintelligence.com/author/david-strom/)


    Security Evangelist

    David is an award-winning writer, speaker, editor, video blogger, and online communications professional who also advises numerous startup and well-established
    technology ventures. He began his career as an in-house IT analyst and has founded numerous technology print and online publications, such as editor-in-chief of Network
    Computing magazine and as part of the launch team of PC Week's Connectivity section. David has written two books and spoken around the world at various conferences (https://securityintelligence.com
    and been on national radio and television talking about network technologies. He continues to build websites and publish articles on a wide variety of technology topics geared towards
    networking, security, channel, PC enthusiasts, OEMs, and consumers. In addition to these activities, he consults to vendors and evaluates emerging technologies, products, strategies, and
    trends to help position and improve their technology products.

    SEE ALL POSTS e


    FOLLOW x

    RELATED ARTICLES

    The Power of Pervasive Encryption (https://securityintelligence.com/the-power-of-pervasive-encryption/)


    Read More (https://securityintelligence.com/the-power-of-pervasive-encryption/)

    Pervasive Encryption Simplies Mainframe Security (https://securityintelligence.com/pervasive-encryption-simplies-


    mainframe-security/)
    Read More (https://securityintelligence.com/pervasive-encryption-simplies-mainframe-security/)

    Mainframe Data Is Your Secret Sauce: A Recipe for Data Protection (https://securityintelligence.com/mainframe-data-is-your-
    secret-sauce-a-recipe-for-data-protection/)
    Read More (https://securityintelligence.com/mainframe-data-is-your-secret-sauce-a-recipe-for-data-protection/)

    Featured Media

    2017 Ponemon Institute Cost of a Data Breach Study (https://securityintelligence.com/media/2017-


    ponemon-institute-cost-of-a-data-breach-study/)

    p
    (https://securityintelligence.com/media-type/podcasts/)
    B (http://ibm.com/security?
    (https://securityintelligence.com)

    The views and opinions expressed in this article are those of the authors and do not necessarily reect the ocial policy or position of IBM.

    CONTRIBUTORS (/CONTRIBUTORS)

    BECOME A CONTRIBUTOR (HTTPS://SECURITYINTELLIGENCE.COM/BECOME-A-CONTRIBUTOR/)

    ce=ISM0484&ct=SWG&cmp=IBMSoc
    v (http://feeds.feedburner.com/SecurityIntelligence) x (http://www.twitter.com/ibmsecurity) t (http://facebook.com/ibmsecurity)
    y (https://www.youtube.com/c/IBMSecurity) u (http://www.linkedin.com/company/ibm-security)
    w (http://slideshare.net/ibmsecurity) D (https://www.quora.com/IBM-Security/)
    2017 IBM (http://www.ibm.com?ce=ISM0484&ct=SWG&cmp=IBMSocial&cm=h&cr=Security&ccy=US) | Contact (http://www.ibm.com/contact/us/en/?
    ce=ISM0484&ct=SWG&cmp=IBMSocial&cm=h&cr=Security&ccy=US&ce=ISM0484&ct=SWG&cmp=IBMSocial&cm=h&cr=Security&ccy=US) | Privacy (http://www.ibm.com/privacy/us/en/?
    ce=ISM0484&ct=SWG&cmp=IBMSocial&cm=h&cr=Security&ccy=US&ce=ISM0484&ct=SWG&cmp=IBMSocial&cm=h&cr=Security&ccy=US) | Terms Of Use (http://www.ibm.com/legal/us/en/?
    ce=ISM0484&ct=SWG&cmp=IBMSocial&cm=h&cr=Security&ccy=US&ce=ISM0484&ct=SWG&cmp=IBMSocial&cm=h&cr=Security&ccy=US) | Accessibility (http://www.ibm.com/accessibility/us/en/?
    ce=ISM0484&ct=SWG&cmp=IBMSocial&cm=h&cr=Security&ccy=US&ce=ISM0484&ct=SWG&cmp=IBMSocial&cm=h&cr=Security&ccy=US)

    You might also like