The relatively smaller footprint and financial clout of SMBs means that they are safe from the attention of hackers, right? As I emphasized in "Why SMBs Should Pay Attention to Security," this is a common myth, a fallacy that SMBs will do well to reject. Many hackers are really no more than script-kiddies who dabble with pre-packaged hacking tools in the hope of striking gold. So while the elite hackers are indeed less likely to be interested in your small operation, the current climate of insecurity means that smaller-time "gatherers" are going to have a field day with unprotected small and mid-sized businesses.
Pushing the point home is a new study concluding that hackers are increasingly targeting mid-sized companies. Security vendor McAfee and London-based Bloor Research surveyed 1,100 companies with between 51 to 1,000 employees around the globe to put together the report titled "The Security Paradox." It found that half of the surveyed mid-sized companies have seen more security incidents over the past year. Specifically, 40 percent of mid-sized organizations admit to suffering data breaches, representing an increase of 13 percent from the previous year.
And debunking the idea that these attacks are just isolated incidents, about one-third of the organizations said they were attacked repeatedly. In fact, half of these incidents were considered sufficiently serious to require up to five hours of investigation and systems rectification. Overall, the study shows that the average number of cyber attacks conducted against mid-sized organizations and larger has more than quadrupled in the United States.
Call it a sign of the times, given that companies are increasingly relying on information technology and the Internet as the foundation to conduct core business transactions. The problem, though, is that while both the volume and severity of threats have grown, resources allocated to combat them have declined. Thus the paradox in the title of the report.
Cari Jaquet, director of solutions marketing for McAfee told SearchMidmarketSecurity.com that 65 percent of businesses spent less than three hours a week on security last year; a figure that was only mildly better than the 58 percent obtained this year.
In addition, despite once belonging to the exclusive domain of enterprises and governments, data breaches are becoming a threat vector that afflicts mid-sized businesses. Nigel Stanley, a business technology specialist who heads Bloor's IT Security practice, observed how the weak economy has a role to play in insider attacks, an area that businesses are rightly worried about. The difficulty global economy, says Stanley, "is driving people to go after the corporation's data and take it with them when they move jobs."
In a statement, Alex Thurber, senior vice president of worldwide channel operations for McAfee summed up the situation, "Keeping up with security threats is a significant distraction from running a midsize business." Yet better a distraction that consumes some funds and energy than stolen corporate secrets or identity data that drags the company under.