Small Businesses – Often Overlooked, but Just as Vulnerable to Cyber Attacks

Cyber-attacks make headlines on a daily basis.   The news media commands attention by publicizing high profile cases – well-known companies, enormous losses, and serious consequences.   With all the focus on the big guys, it’s easy to overlook the fact that no business demographic is immune from cyber-attacks.  In fact, recent reports estimate that small companies, those with fewer than 500 employees, may be experiencing as many as half of all targeted cyber-attacks.  Half!

Who is attacking the small business and why?

The threat to the small business is the same as to any business. The adversary is after company information and customer data, and since small businesses don’t have multi-million-dollar security budgets, they can be a much easier target.

The growing trend is for competitors to steal corporate information as an easy way to level the playing field. Not only does this put your new, highly innovative product or idea at risk while your intellectual property sits “safely” within your own network, but it also means that all your vendors will be targets too. As corporations increase their cyber security protection (spend more $), attackers will look for new routes to target their most prized intellectual property (IP). For example, think of the treasure trove of corporate secrets that your legal firm has in its possession at any given time.

Another major issue for small businesses is theft of personal information. Why should cyber criminals target Fortune 1,000 companies when there are thousands of small businesses that are far easier to penetrate?

“I recently had a client who owns a restaurant where credit card information got released to the public,” said Scott Hauge, who is the president of Small Business California, a small-business advocacy group. “As a result, MasterCard is looking to collect $200,000 in fines and he is also looking at numerous credit card holders bringing action against him. Visa recently stated that 95% of credit card thefts originate at small businesses,” Hauge said.

This quote demonstrates a small business’s worst fear – hundreds of thousands of dollars, potentially more, in unexpected fines disrupting their business. Most small businesses cannot survive such a situation.

Small businesses are susceptible to sophisticated attacks too. 

Law firms, for example, offer the cyber adversary valuable information on international mergers/acquisitions and trade, public policy, and export-controlled technology. On two separate occasions, Cyber Squared’s investigations have identified sophisticated threats targeting international law firms. In the first case, the law firm under attack advises on public policy and regulatory issues. The second victim was a very large international law firm representing Global 1,000 and Fortune 500 companies on high tech issues and emerging growth areas.

A well-executed cyber-attack can effectively put a small business out of business.   While cyber insurance may help offset costs associated with the loss itself and contain the damage and litigation, it won’t cover the loss of reputation.  Customers have little tolerance for having their sensitive data stolen.  Most states have enacted breach laws, so customers must be notified.

How does a small business protect itself?

FEMA, under the Department of Homeland Security, has released a “Common Sense Guide to Cyber Security for Small Businesses”.   This is a 12-step good practices list that includes case study examples of what goes wrong when these practices are not applied.  (Notice that Case #12 includes two law firm examples.)

Are good practices enough?

While applying good practices consistently and in a timely manner reduces risk, it doesn’t offer adequate protection against a sophisticated adversary.

As enterprise corporations continue to increase spend on cyber security protection, many companies in the “protection” business focus primarily on solutions for these enterprise customers. In many cases, their solution is incident-response based, which doesn’t necessarily help the small business, where the first incident can put it out of business.

Cyber Squared believes that everyone deserves affordable protection. This is especially important for small businesses that don’t have large budgets for cyber defense. With our understanding of how sophisticated cyber threats exploit gaps in network defense and security policies, we identify risks to your organization’s business process and tailor our response based on timeline, acceptable cost, requirements from legal authorities, and acceptance of risk. Doing this upfront allows our customers to feel comforted that they are prepared when, not if, the sophisticated threat comes knocking. This also minimizes costly response efforts, or losses resulting from a successful breach of your business.

More Stories By Adam Vincent

Adam is an internationally renowned information security expert and is currently the CEO and a founder at Cyber Squared Inc. He possesses over a decade of experience in programming, network security, penetration testing, cryptography design & cryptanalysis, identity and access control, and a detailed expertise in information security. The culmination of this knowledge has led to the company’s creation of ThreatConnect™, the first-of-its-kind threat intelligence platform. He currently serves as an advisor to multiple security-focused organizations and has provided consultation to numerous businesses ranging from start-ups to governments, Fortune 500 organizations, and top financial institutions. Adam holds an MS in computer science with graduate certifications in computer security and information assurance from George Washington University. Vincent lives in Arlington, VA with his wife, two children, and dog.
