Large companies invest in cyber defense, making small businesses an easier target
Google the phrase “small business gets hacked.” My search uncovered over 2 million hits. One of the top headlines reading “43% of cyber-attacks target small businesses”. The media keeps us well informed on hacks involving large companies or government agencies, especially if a public figure is involved. Large companies are frequently featured, but I can’t remember the last time there was publicity regarding the cyber-attack of a small business. The sad fact is it happens more often than you realize. The big companies may get the headlines, but small to medium sized companies are silently becoming the favorite target.
Criminals tend to take the path of least resistance. Most large companies have heavily invested to shore up their cyber defenses which make them harder targets and more effort to breach. The soft target presented by small business creates an opportunity for profit without much likelihood of prosecution.
Experts consider smaller firms as a gateway into larger companies and financial institutions. If you are an agent, service company or distributor for a larger corporation you typically have login credentials that can be used to get inside their network or perhaps vulnerable applications. The login credentials of an HVAC company to monitor the air conditioning became the method of access and first step in the Target breach, costing them millions to recover.
|Cyber security is not a “once and done” proposition (2 of 3)|
About the Author
Kevin Baker has been working in the information security field for eighteen years. His roles included a security engineer, risk manager, people leader and program builder. Kevin's security practice in financial services security and compliance has extended to both international and domestic markets. He is currently the Information Security Leader for Westfield Insurance.