Guest Blog: Small Businesses Are the Majority of Cyber Attack Victims


By Greg Sullivan, Chief Executive Officer, Global Velocity

Today’s cyber security risks for SMBs and how resellers can help prevent data breaches

More than

ever, small to medium sized businesses are realizing they are a target for hackers and cybercrime aficionados. While SMBs are not as big as companies like Target and Home Depot, they are the majority of victims at the hands of cyber thieves seeking easy targets. The Verizon 2013 Data Breach Investigations Report found that 62 percent of breaches impacted smaller organizations, likely a conservative figure since not all small organizations are reporting breaches.

The issue is that SMBs wrongly assume that their size or small influence does not merit attention from hackers or do not educate themselves about potential exploits in their infrastructure. Hackers run their operations like a business and want to find ways to maximize the return on their investments. That makes small businesses, which typically do not have the IT resources or expertise to implement and manage security systems, prime targets. A Ponemon Institute survey reported that one-third of respondents admit they are not certain if a cyber-attack occurred in the past year, and 59 percent of SMBs say they do not have sufficient IT experience.

Traditionally deployed defenses for the SMB, such as firewalls, spam blockers, or antivirus software on laptops, PCs, and other mobile devices can no longer stand against the sophisticated methods of the modern hacker. This singular line of defense is quickly overcome by hackers, and does even less to protect data stored in cloud-based application. Enter resellers. The increased adoption of cloud-based services like Dropbox, Salesforce, and Evernote and mobile computing presents the opportunity for resellers to help their customers develop a comprehensive security strategy.

The proliferation of cloud computing opens organizations up to potential breaches because sensitive data is stored and accessed outside the network. However, the significant benefits in terms of improved productivity, and collaboration make organizations more efficient. That’s the Catch-22 of cloud computing: cost effective and easy to use, but vulnerable to breaches.

The ongoing trend of “Bring Your Own Device,” is another factor to consider as employees’ access 46 percent of an organization’s business-critical applications from their mobile devices (Ponemon Institute). These devices typically sit outside the established security controls and allow cyber thieves to follow your data.

Resellers know that dismissing either of these trends is not an option, it trumps innovation. Instead, this is an opportunity to turn the discussion toward implementing and managing an effective cybersecurity system that can rapidly detect and prevent data breaches. Ultimately, this will serve as mission critical to the business and revenue growth.

When a large company endures an embarrassing and costly data breach, it will suffer financial losses and damage to its reputation. When a small company is attacked, it may never recover. An attack can set a small business back anywhere from $54,000 to $101,000 per incident (CNBC). PCWorld in August 2013 reported that of the small businesses who suffered a breach, roughly 60 percent go out of business within six months after an attack.

Symantec’s recent admission that AV software is “dead” is also an admission that the traditional approach of hardening the network and data center is also dying, particularly as companies move their data to cloud-based services. What’s necessary now is doing the opposite and taking an inside-out approach: protect the data itself rather than trying to block access to it. Monitor each and every file, no matter where it is stored, to track who accesses it and where it is moved based on rules set by the specific company to block unauthorized attempts to access and/or move a file.

Additionally, every business, large or small, should have a comprehensive security training program in place for employees. This involves not leaving files open or unattended, and making sure to shut down unsecured devices like a smartphone or tablet. Also, classify your employees based on what they can and cannot access on the company system. Not everyone needs to have access to all cloud applications. Additionally, each employee should have a different and strong password for all accounts or services.

In perfect world, a prevention plan is all you would need to avoid a breach. However, the stark reality is that an attack can happen despite your best efforts. Every small business should have a crisis management plan in place that centers on transparent communication between management, employees, stakeholders, customers, and anyone else who may be affected. Choose an internal employee to be the face of the company, and who will be the go-to person for updates and information.

Given that more than 48M cybersecurity incidents have been reported in 2014 [Pricewaterhouse Cooper], this year serves as a continuous reminder that the way we share, store, and access data is always evolving and so are the risks. It is important to keep up by understanding a security strategy requires several layers of defense, proactive monitoring and the help of channel partners to meet security needs.

About Greg Sullivan

Greg Sullivan, is Chief Executive Officer for Global Velocity, a company pioneering new approaches in securing information. Mr. Sullivan is recognized as an industry expert and visionary in the field of cybersecurity.

He is the retired Founder & CEO of G. A. Sullivan formed in 1982, that he built it into a leading software development company. After managing the company’s growth for more than 20 years, with operations across U.S. and Europe, he sold G. A. Sullivan to Avanade., a company jointly owned by Microsoft and Accenture. G. A. Sullivan appeared for four consecutive years on the Deloitte & Touche FAST 500 list of fastest growing technology companies in America, and three years on Inc. Magazine’s Inc. 500 list of fastest growing private companies in America.

Ernst & Young named Sullivan a 2000 Entrepreneur of the Year in the software/information services category and the U.S. Small Business Administration named Sullivan the 1999 National Small Business Person of the Year.

Sullivan holds a bachelor's degree in systems science and mathematics from Washington University in St. Louis.