Skip to content

Verizon Study — SMBs Easier Prey

May 4, 2015

Hackers and cyber criminals continue to focus their attacks on small businesses and organizations, according to evidence contained in the 2015 Verizon Data Breach Investigations Report.

The Accommodations industry that is such a critical component of the Hospitality industry that drives the local economy on Delmarva offers just one example of cyber gangs’ taste for smaller organizations.

Partners reporting to Verizon identified 368 security incidents in the Accomodations industry in 2014, including 181 at small lodging businesses.

More striking, however, is that of those 181 security incidents, 180 resulted in confirmed data loss. That’s a nearly 100% success rate for cyber criminals interested in pilfering the data stored by motels and hotels — names, addresses, phone numbers, license numbers, credit card information.

Consider then, that of the 90 security incidents at Large Accomodations businesses, only 10 resulted in confirmed data loss.

The trend continues across all industries — of the 694 security incidents reported at small organizations by Verizon’s study partners, 573 resulted in confirmed data loss for an 82.6% success rate.

Contrast that with large organizations that experienced 50,081 security incidents in 2014 but with just 502 resulting in confirmed data loss for a 1% success rate.

Is it any wonder cyber criminals continue to increase their attacks on small organizations given such astounding success in stealing data from them?

Besides the ease of data theft, cyber criminals, on the heels of the Target breach in late 2013, know that small businesses can lead to larger prey — i.e., login credentials to vendor web sites of large corporations.

That’s what happened at Target. An employee at one of Target’s HVAC contractors opened an infected email. The resulting compromise of that machine allowed the hackers to obtain the contractor’s Target vendor credentials, which the hackers then used to work their way through Target’s system, all the way to the cash registers at Target stores.

Before Target realized it had been breached months later, 40 million credit cards had been stolen.

Most small business owners I talk to resent having to spend money on network security. It’s an understandable but short-sighted sentiment.

The fact is, you don’t need to spend a fortune on security to protect yourself, your business, your employees, your customers, and your vendors, but you do need more than an anti-virus based on signatures and definitions.

The amount you should spend depends on the risk your business faces of an attack, the value of the data you store, and the financial and reputational damage that could be result if that data is stolen.

The only way to determine those values is to perform a Security Risk Assessment. FlexITechs can help you perform that assessment and determine the types of security you need at a cost that makes sense for your business.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: