Cyber attacks can be damaging for small firms as well as household names

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.independent.co.uk/news/business/sme/cyber-attacks-can-be-damaging-for-small-firms-as-well-as-household-names-a6762886.html


Another day, another cyber attack on a well-known British company. JD
Wetherspoon said on Friday that hackers had stolen data on more than
650,000 customers from the pub chain. The detail is not yet clear, but the
business will be aware of the damage these attacks can cause. TalkTalk
thinks the attack on its systems last month could cost it as much as £35m.

The Wetherspoon attack, though at first sight less serious-looking,
underlines how companies in any business – not just tech – are seen as
targets by hackers. And nor is size a factor – small and medium-sized
enterprises (SMEs) are just as likely to come under attack as big business.

However, SMEs are only just beginning recognise this danger. In a poll of
more than 3,000 SMEs by Zurich Insurance in 15 countries, just 8 per cent
said they saw cyber crime as the greatest risk facing their businesses,
though this was twice as many who said the same in 2013 when the poll was
last conducted. Most SMEs are far more focused on traditional business
risk, such as fluctuating consumer demand and the threat posed by
competitors – and one in six companies told Zurich they regarded themselves
as too insignificant to be of interest to cyber criminals.

The Government’s Cyber Streetwise campaign this year found that two-thirds
of British SMEs didn’t consider themselves vulnerable to attack. Only 16
per cent intended to prioritise improving their cyber security during 2015.

Cyber security experts argue that SMEs are actually more at risk, because
hackers know they are less likely to have put defences in place – they may
hold less data than larger companies, but getting at it is easier. Cyber
Streetwise suggested that a staggering 33 per cent of smaller businesses
have suffered a cyber attack from outside their business.

Risks include a business’s intellectual property being sold to a competitor
and email addresses being sold to spammers.

The Government’s analysis suggests that a typical security breach at a
small company costs the business £300,000 – enough to put many out of
business. Many SMEs lack the in-house expertise to cope with an attack, so
it takes them longer to resolve the problems caused – that may lead to
extended interruption of trading.  And reputational damage should be a
consideration too.

Even in the absence of an attack, failing to take precautions can damage
the business. The Government won’t allow any company that doesn’t have its
Cyber Essentials accreditation to bid for work with it. Other public-sector
organisations have followed that lead, while private sector businesses
increasingly operate on a similar basis.

There is no excuse for failing to take cyber security seriously. Not least
because the Government itself offers SMEs a wealth of free advice and
services – the Cyber Streetwise campaign has been criticised in some
quarters as lacking rigour, but businesses who use its tools and follow its
advice will find they have a good first layer of protection on which to
build.

The bottom line, says Neil Eames, development manager at the Federation of
Small Business, is “that if you have an online presence, you are a target”.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!