Skip to main content
close search
site logo
Dive Brief

Cyberthreats swallow SMBs burdened by supply chain attacks

Published Nov. 26, 2018
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Dollar Photo Club

Dive Brief:

  • Though cyberthreats are as prominent for small- to medium-sized businesses as large enterprises, less than one-third of SMBs feel their protection measures are highly effective, according to a Ponemon Institute survey of nearly 29,000 IT practitioners and IT security practitioners in the U.S. and United Kingdom.
  • The most common types of cyberattacks for SMBs were phishing or social engineering, followed by web-based, general malware and compromised or stolen devices, according to the report. Advanced malware and zero-day attacks increased their frequency the most from 2017 to 2018.
  • Thirty-five percent of respondents said no one person determines IT security priorities, while 31% said their CIO is in charge of setting a security plan in 2018. Nearly one-third of SMBs are turning to a managed security service provider to manage their firewalls or intrusion prevention system.

Dive Insight:

The survey highlighted the same concerns the cybersecurity industry has had for years. A sufficient security posture is hindered by a lack of personnel, small budgets and general confusion over how to protect against cyberattacks.

Cybersecurity can easily become a game of cat and mouse until one day, the cat outsmarts the mouse. As hackers and malicious actors are maturing, companies know that day is inevitable.

The "cyber Pearl Harbor is effectively every Tuesday," said Alex Stamos, adjunct professor at Stanford University and former Facebook CSO, while speaking at the Tanium conference in Washington in November.

When companies as large as Equifax and Yahoo can suffer security snafus, presumably with endless security resources, SMBs need to take more precaution. Hackers generally look to compromise smaller businesses in a enterprise's partner ecosystem to eventually infiltrate the larger organization.

When a supply chain attack is always a possibility, SMBs have to take action, including businesswide security training. About 1% of emails are considered malicious, and less than 10% of cyber crimes are done outside of email.

SMBs cannot afford to succumb to email Russian roulette. The "internet allows you to even the playing field" for bad actors, said Stamos, and assuming a small business is safe just because it's small is negligent.

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
PointFive is Apparently the Hottest Cloud Startup, Here is Why
From Jordan Mitchell
November 21, 2024
New Research Reveals AI's Impact on IT's Power, Status, and Pay
From 1E
November 21, 2024
Graphiant Predicts Transformative Changes in Enterprise Connectivity and Data Assurance for 20…
From Graphiant
November 20, 2024
Legion Technologies Partners with Vail Resorts to Expand Workforce Management Across 37 Resort…
From Legion Technologies
November 19, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell