By Claire West
“The reality is that mid-sized businesses need to help themselves in the security defence stakes, as no-one - including the government - is going to run to their rescue in the event they are hit by a cyber crime.” —
Richard Kirk, AlienVault Senior Vice President
Commenting on the latest cyber security report from the Federation of Small Businesses (FSB) - which found that SMBs are shouldering an enormous financial burden due to online and related fraud - AlienVault says that it is SMBs, and even midsize businesses, that have the most difficult task when it comes defending themselves from cybercriminals who are intent on theft and reputation damage.
According to Richard Kirk, who heads up AlienVault’s business in EMEA, if you extrapolate the figures from the report — ‘Cyber Security and Fraud: The Impact on Small Businesses' - you realise that, with 30% of FSB members reporting a fraud over the last 12 months, a typical small business is almost guaranteed to be hit by a fraud — that will cost them around £4,000 — every three and one third years.
"Whilst it's good to hear that 36% of SMBs are installing software patches as part of their regular security practice, that means that the other 64% are not patching their systems - and around 40% are not updating their IT security software. This is compounded by the fact that most mid-sized businesses we encounter have only limited staffing resources to handle their cyber security needs," he said.
“Smaller firms have fewer PCs and smaller data centre operations to defend, we’ve also observed that mid-sized businesses, which have a much larger attack surface, have become a target for hackers. As a result, we believe that it’s not just SMBs, but mid-sized businesses as well that need to wake up to the rising level of security threats, and find ways to quickly detect and manage threats more effectively to keep the damage caused by the latest cyberthreats at bay,” he added.
Larger enterprises, Kirk explained, generally have the necessary expertise — and budgets — to go down this path, but it is small and mid-sized businesses that most often lack the budgets and personnel to select, deploy, integrate and manage the security solutions required to defend against cyber crime.
This is why, he says, a growing number of these businesses are turning to the benefits of open source security solutions to better defend their systems, although they also need suitable security management technology — ideally itself based on open source — to control and provide visibility across the variety of tools essential for a strong security posture.
Given how few SMBs have the proper security controls in place to adequately protect themselves against cybercrime, perhaps it’s not surprising that this segment of businesses are keen on the banks taking more responsibility when it comes to cybercrime defence. The FSB report notes that 45% of SMBs cited this, even though the reality is that security begins at home; offloading the responsibility to the banks is not a long-term solution.
"SMBs have a stark choice: either they invest in suitable security technology or run the real risk - at odds of around 3/1 annually - of cybercriminals running up a sizable bill due to fraud. This translates to three successful attacks every ten years. Those kind of odds bring home the reality that SMBs really do need to wake up and start figuring out what their options are for security–and there are easier and affordable solutions available for smaller and midsize organisations," he said.
"As this report notes, many SMBs (31%) would welcome a more effective police response, but the reality is that they need to help themselves in the security defence stakes, as no-one - including the government - is going to run to their rescue in the event they are hit by a cyberfraud," he added.