Small firms are easy target for cyber crime, says hacker

I was recently asked to contribute to a BBC article on the risks of cyber crime for small businesses. The article features quotes from a hacker who admits that small businesses are ‘fair game’.

You can find the full article on the BBC Business News site here – Small firms are ‘easy target’ for cyber crime.

The BBC article is right to highlight the dangers to small firms as well as large. Research from Symantec shows that since the beginning of 2010, 40% of all targeted attacks have been directed at small and medium-sized businesses, compared to only 28% directed at large companies. Worrying statistics. If you run a small business, here are answers to some of the questions you might well be asking:

Question: Where are the key flash points for small firms in terms of technology security?

Answer: The consumerisation of IT, bringing your own device (BYOD) to work, the cloud and the rise of social media are the things small businesses should be concerned about. Yes, smartphones and tablets make life easier (and they’re cool), and allowing your staff to bring in their own devices for work purposes, along with cloud-based services, makes doing business cheaper, but there is a downside if your company has valuable information stored on these devices. Social media brings opportunities for business but also risks. There are no easy answers to balancing the need for efficiency against the need to secure valuable data. It’s all about risk, and business leaders need to think through what is acceptable in the context of their business operations.

Question: Who is likely to attack businesses and why?

Answer: High-value information is what an attacker will be looking for, but what constitutes ‘high value’ depends upon the business and the attacker. The Cost of Cyber Crime, a report by Detica and the Office of Cyber Security and Information Assurance, identified the cost of IP theft and industrial espionage at £17Bn per annum for the UK, so any small company at the cutting edge of technology is certainly a target for cyber criminals who will profit from stealing new ideas.

But it’s not just the techie SMEs that need to be concerned; companies processing people’s credit or debit card details need to protect the processing and transit of that data within their network. Credit card fraud is down again this year, but it’s unlikely that the cyber criminals will stop attacking, as obtaining and selling on card details from poorly protected companies is relatively easy work.

At the end of the day, while the majority of the population has little understanding of cyber crime and cyber attacks, cyber criminals will exploit this and cyber crime will continue.

Question: What impact do such attacks have?

Answer: In the main, an attack impacts a company’s finances or reputation. A small start-up technology firm that has its ‘about to be patented’ design stolen could go bust almost immediately. The mature company that trades on innovation may see a reduction in sales over a longer period of time. In between these extremes there are a myriad of scenarios, but in general the impact is to the financial standing of a company.

DigiNotar, the Dutch-based certificate issuing authority, went bust as a direct result of their information loss; as an IT company involved with ‘security’, DigiNotar’s reputation was irreparably damaged by the incident. But not all companies suffer catastrophic impacts; TK Maxx’s share price was not affected at all when they had 100,000s of card details stolen, but that was a few years ago. There is ever more awareness of cybercrime and people may be less forgiving of large companies being victims of cyber-based attacks. The network attacks on Sony PlayStation and RSA both cost significant amounts to rectify, but their long-term future was not in jeopardy.

“The UK is pushing for a knowledge-based economy; keeping hold of that knowledge becomes paramount if we are to succeed in the global economy.”

Question: What steps should small firms be taking to protect themselves?

Answer: This falls into two categories: understand what and where your valuable data is, and then do something to protect it. When protecting your data, if nothing else, do the basics. Passwords, patching, anti-malware, access, admin rights, firewalls, and encryption – basic security controls can prevent 80% of all cyber attacks.

See our previous article – Protect your systems from cyber threat with seven basic security controls.


Article by Dave James, MD of Ascentor.


3 thoughts on “Small firms are easy target for cyber crime, says hacker”

  1. Sonja Jefferson says:

    That’s scary but a real eye opener. Smaller firms like mine stick our heads in the sand when it comes to information security. Time to get out of that sand pile fast! Thanks for the wake up call Dave.

    • Dave James says:

      Getting the balance right for SMEs is a real challenge. Expertise, time and money are in short supply for the small and micro SMEs so doing the basics is sometimes all that is practicable to mitigate the bad stuff happening. If everyone started using strong passwords tomorrow the cyber criminals would have a real problem on their hands.
