Unlike major corporations, small businesses don’t have huge budgets to allocate towards bolstering their cyber security. However, small businesses are increasingly finding themselves under attack by hackers for this very reason. Hackers see small businesses as soft targets, or what the industry calls “low-hanging fruit.”
Hackers have many motives for their attacks. The leading ones are:
There was a time when anti-virus (AV) technologies alone were sufficient protection. Those days are long gone. Even the AV companies themselves are telling their customers that, as a single solution, AV is not adequate protection. Hackers have devised quite sophisticated techniques to evade AV technologies. These techniques work because AV is signature-based: if the AV software doesn’t have a signature for the attacker’s malware, the malware will go undetected.
Major IT security vendors realized they were making a serious mistake by offering technologies that only major corporations could afford to purchase. In the last few years, these same vendors designed new technologies to specifically serve the SMB market. One of the greatest new tools available is SaaS (Security-as-a-Service). This allows a business to outsource its IT security to an MSSP (Managed Security Service Provider) who manages the security of the company’s IT infrastructure over the Internet.
The hacker mindset is to attack the weakest link in the IT chain. So a defense-in-depth approach is best. This method creates multiple layers of defense that hackers have to overcome, which increases the chance of being discovered. A good place to start is to:
The degree of a business’s security should slightly exceed the importance of the data it stores/processes. If it stores/processes very sensitive data, its security should be more robust than that of a business that is merely trying to prevent someone from using its computer to attack someone else. If a business has a high-value client, it can reasonably assume it is a high-value target. It should want to defend itself accordingly.
About the Author: Kai Pfiester holds numerous cyber security certifications and is the owner of Black Cipher Security, a local IT security consulting firm.