Posted by: Terry Greer-King Posted date: 24 January 2017

Guest Blog: Why cybercriminals target small and medium size businesses


Cybercriminals are placing an undeniable burden on businesses of all sizes, including small and medium-sized ones. Business disruption, loss of revenue, repair costs, legal fees and fines are among some of the expenses that breached companies are left with.

The consequences to the economy are staggering.

Businesses making themselves vulnerable to cybercriminals

According to the UK Government, the estimated cost of cybercrime in the country is £27bn, making it the 6th most affected globally. The United States is at the top of the list.

Despite all these facts, many small and medium businesses (SMBs) do not see themselves as high-value targets for online criminals. In fact, 24% of the SMBs (250 to 999 employees) that do not have an executive accountable for security used this perception to explain the absence. In comparison, only 14% of enterprises (1000+ employees) offered this same explanation, according to the 2016 Cisco Annual Security Report.

Some SMBs are hesitant about investing in advanced security. They may not see it as a priority because they believe that attackers have better targets to choose from. This is simply not true. In fact, some attackers are specifically targeting small and medium companies. They realised they can exploit their weaker defences to gain access to the network of their most valued enterprise customers.

How businesses can prevent cyber attacks

When a breach happens, it is not difficult to imagine how badly those customers react. To avoid such issues, many enterprise customers now ask their suppliers to demonstrate that they meet certain security standards. Certifications such as ISO27001 are becoming a more common requirement.

Having strong security can help companies of all sizes differentiate themselves from their competitors and consequently it may slowly push less secure companies out of business.

Although the need for improving security is not exclusive to small and medium businesses, it may affect them more deeply. SMBs are already falling behind. They have fewer tools and processes than enterprises and they may also have less money to invest and to recruit top professionals.

However, SMBs should not let the lack of resources stop them. There are many ways in which they can improve their security infrastructure without breaking the bank. The first step is a change in attitude and accepting that they are just as much at risk as enterprises are, if not more.

These companies should also consider how they can improve the efficiency of the tools they have already got, implement stronger processes and metrics to measure performance and make it all simpler to manage. For example, they may achieve better efficiency and reduce overhead by integrating some of their solutions and automating some of their processes. They may also consider outsourcing part of their security services or using cloud-based solutions to reduce the overhead.

As the digital economy continues to blossom, the threat landscape will only become more complex. Security and guarding against cybercriminals is an ongoing commitment that companies need to make to sustain their growth.



Disclaimer: This blog post has been originally sourced from Daisy Group, the parent company of Alternative Networks. The views expressed here are solely those of the blog post author, and do not necessarily reflect the views of the author’s employer or other organisations with which the author is associated.

Terry Greer-King