A couple of studies released this week reveal insight into why SMBs are so susceptible to security incidents and how much that susceptibility can cost them.
First, let’s look at Gemalto’s Breach Level Index. According to this report, 918 data breaches led to 1.9 billion data records being compromised worldwide in the first half of 2017. (There’s a reason why I tell people that their PII has likely been compromised already, if not in the latest front-page news breach, then in something smaller. Nearly two billion records in six months means a lot of us have been compromised.) And that likelihood of being a victim has gotten worse, as the study pointed out that compared to the last six months of 2016, the number of lost, stolen or compromised records increased by a staggering 164 percent, and during the first six months of 2017, more than 10 million records were compromised or exposed every day.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
That leads us to the Keeper Security and Ponemon Institute study that confirmed an issue that we discuss often here – SMBs are as attractive a target for hackers as large enterprises. And where are SMBs most vulnerable to an attack? The report said that hackers are going after smartphones and tablets because more than 50 percent of SMBs have employees with sensitive company data stored on these devices. Hackers are using socially engineered attacks and ransomware to go after these devices. Also, password policies in SMBs are poor. This study is a perfect example of how ignoring good security practices within the SMB can lead to a serious security incident. As Darren Guccione, CEO and co-founder of Keeper Security, Inc., said in a formal statement:
The number one greatest cyber threat to a business is their very own employees. Critical data is more accessible via mobile devices in our 24/7-connected, device-filled world. Poor password policies, the rise of mobile-targeted attacks and the influx of Internet of Things devices in the workplace is a recipe for disaster.
And what is the cost to the company when it suffers an attack? According to Kaspersky Lab’s new report, SMBs can expect to pay an average of $117,000 if they suffer a data breach. Sure, that’s a lot less than the $1.3 million enterprise will pay, but for the SMB, a hundred thousand can be even more costly than a million. And like the Ponemon Institute study mentioned above, Kaspersky Lab also found that the most costly types of attacks to SMBs are targeted and socially engineered attacks.
Here is my takeaway from looking at these three studies. Data breaches are clearly becoming more frequent and the chances of your company suffering from one is clearly greater than ever. But at the same time, SMBs are leaving themselves extremely vulnerable because of poor security policies and training, and this poor security posture is going to end up costing you, not just in dollars, but possibly in the survival of your business. If you are an SMB who still thinks you won’t be targeted because you are too small, I hope you will look at these studies and reconsider that stance.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba