Small-to-medium enterprises (SMEs) don’t believe they’re big enough to be of interest to cyber criminals - and therefore are immune to attacks, according to research.
The survey, conducted by security company Kaspersky Lab, polled a number of such firms in the UK, finding over half (59%) think their information held 'no value' for Internet criminals.
However, the firm argues that this is erroneous - and it is such a claimed lack of awareness, combined with limited security measures, that in fact makes smaller businesses an easy target for hackers.
“Whether it is a supplier, a partner or a customer, SMEs tend to have links to other, larger companies,” warned David Emm, a Kaspersky Lab senior researcher.
“With this in mind, cyber criminals increasingly target SMEs to get information that will enable them to access the larger company’s infrastructure,” he claimed.
According to Emm, cyber criminals can gain enough collateral to access large organisations by illegally obtaining information from smaller companies first.
“For example, if the SME in question is a widget supplier to a big name, a cyber-criminal can sneak into their system if insecure and steal information that will make it easier for them to gain access to the larger company’s infrastructure, putting both them and their associates at risk,” he said.
The researcher urges smaller businesses to take steps to prevent this from happening, by remembering a few steps to security:
· knowledge of potential threats
· keeping an eye out for attacks
· ensuring all staff are educated on security policies.
Emm argues that security policies are just as important as health and safety information and says this should not be a one-off activity, procedures need to be re-evaluated on a regular basis.