September 20, 2016 By David Strom

Smaller businesses, like the HVAC company whose compromise led to the Target breach in 2013, often think they are too small to be security targets, but SMB cybersecurity can have big implications. Size doesn’t matter as long as your firm has something of value that someone thinks is worth stealing, or a connection that someone thinks is worth exploiting.

In the case of Target, the retail chain had pretty solid cybersecurity practices in place. Its Achilles’ heel was a Windows server running on the HVAC vendor’s site that could be compromised. That server breach led to Target’s point-of-sale system being infected with malware, resulting in millions of dollars in subsequent losses.

Small Leaks Lead to Big Problems

The leak of a pending merger, new product description or confidential personnel memo can cause problems. None of these involve a lot of data in terms of megabytes, but all can influence markets or compromise the reputation of a particular organization. The “I’m too small to be a target” fallacy makes it easier to steal data and compromise SMB cybersecurity than to attack a large bank or other enterprise directly.

Indeed, the more vertical the SMB market, the more likely it is to sustain attacks. Take a specialized medical device vendor, for example. Many of these devices are connected to the internet and have embedded servers. An attacker could potentially penetrate an entire hospital network by compromising a single device.

SMB Cybersecurity Best Practices

Tripwire offered some suggestions for improving SMB cybersecurity practice that won’t cost millions. One is to provide incentives, through tax breaks or noncompliance fines, that motivate SMBs to partner with a cybersecurity vendor to improve their posture and strengthen their security program. Another idea is to emulate financial firms and other large businesses by leveraging threat data and sharing best practices.

Small businesses should also train employees to recognize phishing attacks. SMB firms often lack the security depth and training to recognize these scam emails, especially as cybercriminals get better at using insider information to make the communications more believable.

Finally, SMB cybersecurity insurance should be made more available and attractive to help protect smaller companies from potential adverse effects.
