Skip to main content
close search
site logo
Dive Brief

Cyberthreats swallow SMBs burdened by supply chain attacks

Published Nov. 26, 2018
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Dollar Photo Club

Dive Brief:

  • Though cyberthreats are as prominent for small- to medium-sized businesses as large enterprises, less than one-third of SMBs feel their protection measures are highly effective, according to a Ponemon Institute survey of nearly 29,000 IT practitioners and IT security practitioners in the U.S. and United Kingdom.
  • The most common types of cyberattacks for SMBs were phishing or social engineering, followed by web-based, general malware and compromised or stolen devices, according to the report. Advanced malware and zero-day attacks increased their frequency the most from 2017 to 2018.
  • Thirty-five percent of respondents said no one person determines IT security priorities, while 31% said their CIO is in charge of setting a security plan in 2018. Nearly one-third of SMBs are turning to a managed security service provider to manage their firewalls or intrusion prevention system.

Dive Insight:

The survey highlighted the same concerns the cybersecurity industry has had for years. A sufficient security posture is hindered by a lack of personnel, small budgets and general confusion over how to protect against cyberattacks.

Cybersecurity can easily become a game of cat and mouse until one day, the cat outsmarts the mouse. As hackers and malicious actors are maturing, companies know that day is inevitable.

The "cyber Pearl Harbor is effectively every Tuesday," said Alex Stamos, adjunct professor at Stanford University and former Facebook CSO, while speaking at the Tanium conference in Washington in November.

When companies as large as Equifax and Yahoo can suffer security snafus, presumably with endless security resources, SMBs need to take more precaution. Hackers generally look to compromise smaller businesses in a enterprise's partner ecosystem to eventually infiltrate the larger organization.

When a supply chain attack is always a possibility, SMBs have to take action, including businesswide security training. About 1% of emails are considered malicious, and less than 10% of cyber crimes are done outside of email.

SMBs cannot afford to succumb to email Russian roulette. The "internet allows you to even the playing field" for bad actors, said Stamos, and assuming a small business is safe just because it's small is negligent.

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
Viz.ai Wins Prestigious Prix Galien USA Award for Best Digital Health Solution
From Viz.ai
November 12, 2024
DigiCert Welcomes Lakshmi Hanspal as New Chief Trust Officer
From DigiCert
October 24, 2024
truCX Launches Groundbreaking Partner Portal, Empowering CX Consultants and Trusted Advisors w…
From truCX
October 30, 2024
Celonis Business Collaboration Networks Drive Process Improvement Across Company Boundaries
From Celonis
October 23, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell