To the casual observer, it may seem like big businesses are the ones being hit most frequently with data breaches. After all, isn’t it stores like eBay, Target and Neiman Marcus that are making headlines for breaches? While that is true, there’s a simple reason for this that has nothing to do with attack frequency: Stores like that occupy a significant profile in the public eye. The fact is that for every breach of a major corporation, there are untold numbers of attacks that focus on much smaller enterprises, and that never will make headlines in the same way as an international company’s attack. What this means is that security personnel in charge of non-Fortune 1000 businesses need to never assume immunity to cybercrime, and must be vigilant in implementing endpoint threat detection and response measures.
Massive corporations aren’t the only target of cybercriminals
According to InformationWeek contributor Henry Kenyon, businesses that are smaller in size evince a clear naivete when it comes to the issue of data breaches. Far from somehow being impervious to cyber intrusions, these companies are, in fact, chief among the victims. Kenyon pointed to a recent security study that revealed that attacks specifically on small businesses experienced a sharp increase between 2012 and 2013, rising 61 percent. And attacks are not only increasing in frequency, but duration as well, with the average period an intrusion plays out doubling from four days to eight. None of this should come as a surprise to people who’ve followed the growth of cybercrime in recent years. Just as strategies for targeting and containing attacks have developed, so too have the techniques employed by hackers themselves, who seem to grow in sophistication alongside the attempts to suppress them. But why are non-Fortune 1000 companies emerging as prime targets in all of this? According to Kenyon, it all boils down to a lack of preparedness.
“A major reason for this shift to small- and mid-sized firms is that large companies … have improved their IT defenses and security procedures,” Korman stated. “Attackers seeking intellectual property and economic data have shifted to the smaller contractors and suppliers subcontracting under the larger firms.”
Companies must not let their guard down
The widespread presence of cyberattacks necessitates proactive defensive measures on the part of all businesses, regardless of size. An article in ITBusinessEdge highlighted some best practices that businesses can deploy in order to stave off attacks. Here are a few of them:
- Assemble a solid defense team. Endpoint security and control is not something that can be handled in a haphazard way. Therefore, businesses must equip themselves with a strong team that includes not only IT specialists, but also public relations people, so that if a breach does occur, the company won’t be left scrambling to come up with a response.
- Listen to experts. IT staff and other security experts should never be confined to some office where they won’t see the light of day. It’s important that companies seamlessly integrate security personnel into the overall business structure in order to encourage across-the-board safe computing.