Small Companies – Weak Link in Security Chain

In a recent article for BBC News,  Professor Alan Woodward outlines the vulnerabilities imposed on cyber-security by weak security practices at smaller organizations.

“They may not think they have any data worth stealing but even the smallest company can be custodian to information that represents hard cash to criminal gangs: credit card details, customers’ names and addresses, or the designs vital to an innovative start-up – all have a ready criminal market,” writes Professor Woodward.

Over the past 12 months a number of surveys have emerged which suggest that in excess of 60% of these small businesses have suffered some form of successful malware attack.

It’s not entirely surprising that small businesses are quite so poorly defended.

Someone running a small business is not necessarily going to have security as their main priority.

They are typically entrepreneurs not security experts. Money is always tight and there is a natural dynamic tension between need and cost and nearly 20% of small businesses only concern themselves with cyber-security following an intrusion. More worrisome still, one report indicates that 10% of small businesses would have no way of knowing if they had been successfully attacked.

Criminals also recognize that smaller businesses can often be a way of extending their reach to larger firms.

Take for example a manufacturer which designs on the cutting-edge.

Today, they typically don’t fabricate themselves but pass the designs to smaller manufacturers who in turn may subcontract elements of the manufacture.

That cutting-edge design, worth considerable sums in intellectual property, can end up with a relatively small business and is then protected using only their security, not that of the larger manufacturer.

An emerging trend is for those who disseminate valuable intellectual property to large distributed supply chains to track and audit who has access to what data. If the smaller business proves to be a source of a leak then they will not be in that supply chain for very long.

If a small business is looking for an advantage to join one of these large supply chains, they can differentiate themselves from the competition by demonstrating that they can protect the intellectual property entrusted to them.

With the perception that it will “never happen to me”  smaller businesses have put off what they see as a significant expense for what they see as a very remote eventuality. But small businesses cannot afford to put off considering cyber-security any longer.

Just as they hire outside expertise for accounting, there are many who can advise on the best way to protect them and their clients’ valuable data.

Failure to do so will ultimately cause the business to fail either through direct losses from an attack, or from being dropped by customers who feel their data is inadequately protected.

Speak Your Mind