Small and medium businesses (SMBs) often don’t pay enough attention to cybersecurity, but they are no less vulnerable than their enterprise counterparts are to data breaches and attacks. In fact, attackers might consider SMBs to be an easier path into larger enterprises that are the real target.
In his blog post “Are Small Business IT Environments Virtual Gateways to Larger Enterprises?” Jon Karl of the fraud prevention company iovation wrote:
While small businesses may be less lucrative for cyber crooks, they see them as a means to an end -- with the prime target being larger organizations with much deeper pockets and valuable corporate assets. For online offenders, less conspicuous suppliers that partner with larger organizations hold the key to the digital doors of larger corporations. Those keys come in the form of customer information and intellectual property, which can be valuable to the right buyer in the digital black market. This data can also be used as a starting point for getting a foot in the door to commit affiliate fraud and other more sophisticated scams against big companies.
This notion hasn’t gone unnoticed by large companies that use smaller companies as suppliers in some way. At a recent State of Cybersecurity panel discussion hosted by the Greater Houston Partnership (GHP), leaders from some of the Houston area’s largest organizations – including Shell, CenterPoint Energy, NASA and the Federal Reserve Bank of Dallas – acknowledged that companies have started to cut off work with businesses that are not keenly aware of online threats. A Houston Chronicle article about the discussion quoted Rashi Bates, general manager for Shell WindEnergy as saying, “We can protect ourselves, we can protect our people, we can protect our assets, but when we have these collaborative workspaces and we interface with other people, now we’re trying to protect their assets also.”
The GHP used this particular gathering to announce the availability of its brand new e-booklet “Cybersecurity and Business Vitality.” This is a guide to “what every Houston-area business leader needs to know” pertaining to security in the digital world. Don’t be intimidated by the focus on Houston; this is a guide for every SMB in America (but enterprises can use it too).
There are many reasons why small and medium-sized businesses don’t pay close attention to cybersecurity. They say they don’t have the budget to put toward security, or they lack the in-house expertise to design and deploy solutions. Maybe so, but I think the primary reason they shirk their responsibility to implement good security measures is that they just don’t know where to start and what to do. The GHP’s guide fills that need.
This free 60-page e-booklet is pretty explicit in telling companies what they need to do in order to dramatically reduce the likelihood of a breach or cyberattack. What’s more, the “things to do” don’t necessarily cost a lot of money—or any money at all. As the report points out, cybersecurity is a complex issue but there are many simple steps that businesses can take to protect themselves from cyber crime. Further, many steps don’t require a large financial commitment. What they do require, however, is a time commitment to understand the issues, take preliminary steps, and continue to treat cybersecurity as a priority for the business.
That last point can’t be understated. As large enterprises make it a priority to conduct third party risk assessments, smaller companies that provide services to these larger companies could find themselves out of the competition for lucrative contracts if their cybersecurity program is found lacking.
Regardless of the size of your business and the status of your cybersecurity program, take a look at the GHP’s free guide. There’s a lot of good guidance in there with explicit recommendations for keeping your business protected.
- About Corero
- Investor Relations
- News Room
- Executive Management Team
- Corero Offices
- Contact Us