That a cyber attack is afforded significantly more column inches when the victim is a large multinational rather than a small to mid-sized business (SMB) is an obvious assertion and one that is hard to deny.

Yet while larger companies have been and will continue to be the most desirable targets for a cyber attack, the threat facing SMBs is also considerable and should not be underestimated. Indeed, the threat to SMBs – often companies that are likely to struggle with regulatory compliance, budgetary restraints and prioritising cyber security – is increasing exponentially.

According to FireEye, there are four main reasons why cyber attackers target SMBs. First, they are considered easy targets (65 percent of SMBs have no data security policy). Second, they represent low risk and high returns (only 10 percent of cyber crimes reported to police by SMBs result in a conviction). Third, they use outdated security (cyber attackers bypassed multiple layers of security in 96 percent of SME deployments in a real-world study). Finally, they are largely unaware of the risks they face (58 percent of SME managers do not see cyber attacks as a significant risk).

In its ‘Cyber Threats to Small and Medium Sized Businesses in 2017’ report, Webroot – which surveyed 600 IT decision makers at firms with 100 to 499 employees in the US, UK and Australia – discovered that only 42 percent of IT bosses felt ransomware was a major external security threat, despite the global impact of the WannaCry and Petya attacks in 2017.

Jan-Mar 2018 Issue

Fraser Tennant