If you’re a small-to-medium business owner who isn’t nervous about the potential risks of a cyber attack then, I’m sorry to say, you’re delusional. High-profile intrusions hit the news because they are exactly that – high profile. Small-to-medium businesses get hacked routinely and with devastating financial results. However, you’re not hearing about it because it’s not deemed newsworthy.
Recent data from Public Safety Canada estimates that over a one-year period as many as 86% of larger Canadian businesses and organisations were breached by a cyberattack. But larger businesses generally have the means to make a recovery, smaller and medium-sized businesses aren’t quite as privileged.
Richard Frank, a Simon Fraser University professor with a PhD in computing science and criminology spoke to Business Vancouver about the particular vulnerabilities leaving SMEs open to risk.
“Depending on size, if an SME is small enough, or lax enough about their security, then they might not even have sufficient internal checks in place to catch internal attacks. Due to resources available, they will have to rely more on their employees.”
“An SME will not have sufficient resources to dedicate to security, so rather than develop this internally, they should outsource it to the professionals who do have the expertise to do it properly. If a company sells widgets, they should focus on selling and supporting. But they could outsource their store, the browsing of product, the shopping cart, to a company that has done it properly rather than implementing everything on their own.”
You don’t have to sit around and wait for a hacker to hold your data to ransom before doing something. Proactive measures, such as business and data penetration testing and network and human risk monitoring (you can take a look at our information on corporate investigations for more information about this), actively assess the risk points in your business.
Some people may confuse penetration testing with vulnerability scans. However, the latter involves the use of automated tools to unveil security risks. The former delves deeper; exploiting those security vulnerabilities to assess just how much damage could potentially be inflicted.
Penetration testing relies heavily on the expertise of the pen-tester. Because hackers are people capitalising on tools for a criminal purpose, penetration testing relies on the wisdom of pen-testing experts to head out on that criminal trail before the criminals get the opportunity to ever start. It involves the use of high-tech software but it also requires the lateral thinking of a human team.
Interested in learning more? Read my article, “What every business owner needs to know about data breaches” over at Dynamic Business.