Why would they hack my small business?
I get that all the time when discussing security with my customers, for some reason they think that hackers and thieves won’t be interested in their data and that it’s not valuable to anyone else, it’s a complete misconception, in fact PwC recently released some research that showed that 76% of SME’s we’re targeted in 2012. Of course they are not looking to steal this year’s holiday calendar (although a list of when your employees are away from home isn’t necessarily useless information), think about this, most SME’s payroll systems are now linked directly to the bank, all a hacker has to do is get into the payroll clerks PC, add themselves as a member of staff and pay themselves a few thousand pound, transmit the request to the bank and they’re all done, they only have to repeat that a few hundred times and it’s a decent day at the office.
Larger companies are getting better at security, they’ve realised that they need to spend big to prevent a PR disaster, but hackers know that their customers (often smaller organisations) might be easier pray, the partner may have logins to the suppliers portal and that the start of something big.
Just two examples of why your small business is a big opportunity for the bad guys.
To combat these types of threats you need sophisticated, but not necessarily expensive security measures such a unified threat management, training your staff is also really important as they are often a target for social engineering attacks.
In summary don’t think that just because your small you’re not a target, Symantec’s 2012 security intelligence report confirms that attacks on SME’s doubled in the first part of 2012.