The Internet is a dangerous, anarchic place, and we always adopt what we believe to be appropriate and effective security precautions for our clients’ system. However, as we are dealing with smaller clients in the 10-200 user space, many of these feel that they are simply too small to be targeted by hackers, and often request lowering of their security settings as they often find them a little cumbersome, and thus reduce ease of use of their systems.
They make this request to lower their security settings because they feel that they are simply too small to be targeted by hackers and that they are not at risk. In our opinion, nothing could be further from the truth!
- 72% of known hacker breaches impacted business with less than 100 employees.
- 50% of those small businesses felt they were too small to be hacked. *
- Nearly 1 million new malware threats are released every day
Consider the impact of a security breach:
- Do you direct a company where a security breach can have criminal liabilities?
- Would you be required to make financial reparation if your secured data was made publicly available?
- How would your clients react to your/their information being publicly exposed?
How hackers work:
To understand why small businesses such as yours are at such high and serious risk we need to understand briefly how hackers operate.
Hackers do not discriminate by size of company! While certainly there are a number of targeted attacks by sophisticated hackers to much larger organisations, the majority of intrusions happen for other reasons.
Why is this so? Well, hackers work mainly by scanning machines for security breaches. As they can scan thousands of addresses in a very short space of time using automated tools, they are almost guaranteed to find all machines – for both large and small organisations.
They start by scanning all available Internet addresses for open ports, and once an open port is found, they then begin ‘footprinting’ the machine to see what it might contain.
Once they find a responding machine, they do a full port scan to see what sort of machine it is. [For example, if they find port 3389 open, it’s almost guaranteed to be a windows server.]
Their next step is running – again, completely automatically – all the known hacks for a particular server – and see what might not have been patched or secured.
Once they find one, they begin to exploit whatever they find….
What is your risk?
- Do you still think you are too small to be hacked?
- How comfortable are you that your organisation’s information security assets are acceptably protected?
- Are your systems vulnerable to old/unfixed security breaches?
- Have you already been compromised?
Remember, when you are connected to the Internet, the Internet is connected to you, and thousands of hackers are only a ping away.
PASR understands the above risks, and implements comprehensive security measures for our clients. If you have any doubts about your organisation’s ability to secure your information assets, then please contact me for assistance.
* [Courtesy of my colleague David Johnson of Sencha Enterprises, who recently brought this statistic to light.]
If you would like to discuss this issue and what it means for your business, please get in touch. Since inception in 1996, PASR Technologies has been providing SME business owners with a level of service and support to the SME business owner that is typically only directly available in very large organisations.
Servicing businesses from 10 to up to 200 employees, our clients range from local SMEs through to regional offices of larger MNCs, and include airlines.
At PASR Technologies, we solve your IT problems before you even realize you have one!