
Small Businesses – Often Overlooked, but Just as Vulnerable to Cyber Attacks

Cyber-attacks make headlines on a daily basis. The news media commands attention by publicizing high-profile cases – well-known companies, enormous losses, and serious consequences. With all the focus on the big guys, it’s easy to overlook the fact that no business demographic is immune from cyber-attacks. In fact, recent reports estimate that small companies, those with fewer than 500 employees, may be experiencing as many as half of all targeted cyber-attacks. Half!

Who is attacking the small business and why?

The threat to the small business is the same as the threat to any business. The adversary is after company information and customer data, and since small businesses don’t have multi-million dollar security budgets, they can be a much easier target.

The growing trend is for competitors to steal corporate information as an easy way to level the playing field. Not only does this put your new, highly innovative product or idea at risk while your intellectual property sits “safely” within your own network, but it also means that all your vendors will be targets too. As corporations increase their cyber security protection (spend more $), attackers will look for new routes to target their most prized intellectual property (IP). For example, think of the treasure trove of corporate secrets that your legal firm has in its possession at any given time.

Another major issue for small businesses is theft of personal information. Why should cyber criminals target Fortune 1,000 companies when there are thousands of small businesses that are far easier to penetrate?

“I recently had a client who owns a restaurant where credit card information got released to the public,” said Scott Hauge, who is the president of Small Business California, a small-business advocacy group. “As a result, MasterCard is looking to collect $200,000 in fines and he is also looking at numerous credit card holders bringing action against him. Visa recently stated that 95% of credit card thefts originate at small businesses,” Hauge said.

This quote demonstrates a small business’s worst fear – hundreds of thousands of dollars, potentially more, in unexpected fines disrupting the business. Most small businesses cannot survive such a situation.

Small businesses are susceptible to sophisticated attacks too. 

If we consider law firms, they offer the cyber adversary valuable information on, for example, international mergers/acquisitions and trade, public policy, and export-controlled technology. On two separate occasions, Cyber Squared’s investigations have identified sophisticated threats targeting international law firms. In the first case, the law firm under attack advises on public policy and regulatory issues. The second victim was a very large international law firm representing Global 1,000 and Fortune 500 companies on high tech issues and emerging growth areas.

A well-executed cyber-attack can effectively put a small business out of business.   While cyber insurance may help offset costs associated with the loss itself and contain the damage and litigation, it won’t cover the loss of reputation.  Customers have little tolerance for having their sensitive data stolen.  Most states have enacted breach laws, so customers must be notified.

How does a small business protect itself?

FEMA, under the Department of Homeland Security, has released a “Common Sense Guide to Cyber Security for Small Businesses”.   This is a 12-step good practices list that includes case study examples of what goes wrong when these practices are not applied.  (Notice that Case #12 includes two law firm examples.)

Are good practices enough?

While applying good practices in a consistent, timely manner reduces risk, good practices alone don’t offer adequate protection against a sophisticated adversary.

As enterprise corporations continue to increase spending on cyber security protection, many companies in the “protection” business focus primarily on solutions for these enterprise customers. In many cases, their solution is based on incident response, which doesn’t necessarily help the small business, where the first incident can put the small business out of business.

Cyber Squared believes that everyone deserves affordable protection. This is especially important for small businesses that don’t have large budgets for cyber defense. With our understanding of how sophisticated cyber threats exploit gaps in network defense and security policies, we identify risks to your organization’s business process and tailor our response based on timeline, acceptable cost, requirements from legal authorities, and acceptance of risk. Doing this upfront allows our customers to feel comforted that they are prepared when, not if, the sophisticated threat comes knocking. This also minimizes costly response efforts, or losses resulting from a successful breach of your business.


More Stories By Adam Vincent

Adam is an internationally renowned information security expert and is currently the CEO and a founder at Cyber Squared Inc. He possesses over a decade of experience in programming, network security, penetration testing, cryptography design & cryptanalysis, identity and access control, and a detailed expertise in information security. The culmination of this knowledge has led to the company’s creation of ThreatConnect™, the first-of-its-kind threat intelligence platform. He currently serves as an advisor to multiple security-focused organizations and has provided consultation to numerous businesses ranging from start-ups to governments, Fortune 500 organizations, and top financial institutions. Adam holds an MS in computer science with graduate certifications in computer security and information assurance from George Washington University. Vincent lives in Arlington, VA with his wife, two children, and dog.
