
SMB vulnerabilities overlooked in focus on big retail breaches

  • Posted on: September 25, 2014
  • Posted in: Current News, Industry News, Vulnerabilities & Exploits
  • Posted by: Trend Micro

Looking back at the data breaches that have made headlines in recent years, a few names stand out: eBay, Target and Home Depot for starters. Besides being retailers, these three are linked by their status as big, established companies that nevertheless were hit by wide-reaching network security breaches. The scale of each incident was enormous. At Home Depot alone, the number of compromised payment cards may have exceeded the population of Spain.

SMBs: Under-protected and vulnerable to intrusion
However, it’s important to step back and realize that large corporations aren’t alone in facing significant cybersecurity risk. Small and midsized businesses are also common targets of cybercriminals:

  • Over the past 12 months, almost two-thirds of SMBs in the U.K. experienced a breach, according to research from the British government’s Department for Business Innovation and Skills. Website hacks and loss of customer information happened frequently. A Nominet survey of 400 SMBs painted a more sobering picture, with 77 percent of respondents having been breached in the last month.
  • In the TrendLabs primer “5 Reasons Why Your Antivirus Software Is Not Enough,” Trend Micro researchers explained how SMBs are prime targets largely because many of them stop short of full security. More specifically, these organizations may invest in antivirus, but neglect to address advanced persistent threats or social engineering that may flout it. SMBs are on pace to spend $5.6 billion on security technology by 2015.
  • SMBs are moving much of their data and many of their services to the cloud. A Windstream study found that 68 percent of the 350 executives it surveyed were looking to the cloud to trim operational expenses. Yet, the cloud lessens IT’s control over company data. Cloud security is essential for detecting and mitigating any threats to these assets.

Despite these pressures, there can never be an SMB equivalent of the Target breach, if only because of the size disparity. For this reason, SMB cybersecurity will struggle to attract the attention it deserves and that businesses need if they are to become more adept at curtailing breaches.

The self-reporting example: Many SMBs lack resources to curb attacks
On top of the issue of scale, SMBs are also hampered by limited visibility into their own exposure to risk. The North American Security Administrators Association recently surveyed 440 financial advisors and discovered that only 4 percent of respondents knew that their companies had been breached, despite cybersecurity policies being in place at more than half of these firms.

This gap exists because many employees, as well as their employers, lack the means to detect security incidents, and thus self-report at a low rate. A mere 44 percent had initiatives for training workers in techniques such as identifying phishing emails. Moreover, risk assessments are often too narrow or basic to catch all possible threats, which, as we noted, are often beyond the scope of standalone antivirus tools. Assessors may focus on network security, or perform the review on behalf of their own enterprises, rather than as independent outsiders. Assessments must evolve to account for today’s diverse threats.

“Firms this size generally lack the technology and sophistication to detect a cybersecurity breach,” stated Raj Bakhru, CFA and CEO of Aponix Financial Technologists, according to ThinkAdvisor. “A risk assessment covers deficiencies in documentation, processes and procedures, workflow flaws and vulnerabilities, vendor diligence, and beyond, in addition to internal and external network testing.”

Protecting SMBs against cyberattacks starts with education (for example, about how to identify malicious attempts at gaining access to corporate networks) and extends to strong endpoint security and regular, rigorous review of infrastructure. SMB breaches may not be front page news, but they’re damaging all the same and require a fresh approach to cybersecurity.
