Half of SMBs Believe They Are Immune to Targeted Cyber Attacks

Paul Mah

A new poll conducted by Symantec has revealed the surprising fact that many small and mid-sized businesses do not consider themselves possible targets of cyber attacks. As such, many SMBs do not implement the proper precautions to protect themselves against such threats.


The telephone survey was conducted by Applied Research, which spoke with 1,900 organizations worldwide, with equal representation from businesses with 5 to 49 employees, 50 to 99 employees, 100 to 249 employees and 250 to 499 employees. Findings were detailed in the "SMB Threat Awareness Poll," which can be downloaded here (pdf).


The result came as a surprise given the generally high awareness of respondents on the kind of threats faced by businesses today, as well as the impact that a security infiltration could have on their operations. For instance, when quizzed on their knowledge of vectors or attacks that can pose a security threat, the majority of respondents indicated that they were somewhat or completely familiar with the dangers of DDoS (Distributed Denial of Service) attacks, use of shortened URLs and keystroke logging.


Indeed, a significant 59 percent indicated their familiarity with "targeted attacks," which are a class of malware crafted against a specific organization or industry. The answers were decidedly less encouraging when respondents were posed the question, "Why do you not consider any of the previously listed threats to pose a serious threat to your company?"


As outlined on page 11 of the report:


  • Other (1 percent)
  • I'm in denial (6 percent)
  • We protect our business from even advanced security risks (43 percent)
  • We are a small business, and we are not targets for these types of risks (50 percent)


It must be pointed out that the phrasing of the question has the effect of steering businesses that are not fully prepared to tackle the previously mentioned security problems toward the last option. However, the very fact that fewer than half of SMBs felt they were prepared should also serve as a warning.


Last year, security vendor McAfee released a report stating that hackers are increasingly targeting mid-sized companies. As I wrote at that time, about one-third of the organizations said they were attacked repeatedly, effectively debunking the myth that targeted attacks only happen to governments and enterprises.


In a statement, Steve Cullen, Symantec's senior vice president of worldwide marketing for SMB and Symantec.Cloud, had this to say about the company's research:

Our research shows that SMBs are quite vulnerable to cyberattacks, and it's more important than ever for them to take steps to keep their information safe.

Symantec furnished several simple practices that SMBs can follow to protect themselves, which I summarize below:


  • Educate employees: This ranges from regularly changing passwords to protecting mobile devices.
  • Assess your security status: Evaluate your risk and take steps to protect confidential information.
  • Take action: Develop a security plan and implement measures such as password policies, encryption and endpoint protection.


As further reading, you may also want to check out an earlier blog post on how hackers target SMBs and how to deter them.

Nov 21, 2011 2:39 PM James Gudeli says:

There are many reasons why even the smallest businesses should invest in a "business-class" unified threat management to protect their networks instead of some low cost internet router with firewalling capabilities.

Deterrence - Using Network Address Translation in a basic router/firewall as opposed to nothing at all is the better option, just as a shop with a lock on its door is more secure than one without. But security cameras and alarms are better still, especially from a deterrent perspective. The better the security, the higher the barrier for black hats; the law of diminishing return applies to crackers like everyone else.

Credit Cards - Many small businesses may feel that they are protected by the security of obscurity. "What could some hacker want with my meager business?" they may ask. Credit card information is the most obvious answer, and most businesses accept them as some form of payment these days. But, it is not just their customers' payment card details; the bigger threat is to their employees. Most attacks prey on the business's connected users through phishing schemes. Providing a safe working environment is important, even online. Advanced filtering tools keep employees safe and productive.

The long-term cost is low - Spending an extra $1000 on network security for 25 employees adds up to less than the cost of a daily latte over the course of the year but can be worth 100 times as much in terms of liabilities and lost productivity.

James Gudeli

Kerio Technologies

