Recent events have shown us that a lot of big corporations have had immense breaches due to poor security measures.
Highlighting WannaCry outbreak and Equifax breach, we somehow think that the big corporations are more of a target than small businesses. Actually the situation is not what it looks like, of course the attacks targeted to small and medium sized businesses are not on the first page of the newspapers, but in reality according to the statistics released by Symantec half of the attacks usually are against small business websites.
A really good example comes from Austria and it’s about a hotel, that was hacked four times in a row. A beautiful hotel in Austria’s Alps was hacked four times between December 2016 and January 2017 where hackers got access to the hotel’s electronic door locks.
“We got a ransomware mail which was hidden in a bill from Telekom Austria,” says Mr Brandstatter. – BBC News
In addition to unusable door locks the hotel’s hard drive was compromised and the hotel had to pay a ransom of two bitcoins, which at the moment is a really big amount of money.
But why SMEs?
Small to medium enterprises are usually the ones low in security and therefore are a primary target for hackers.
Awareness in the cyber world is still one of the biggest problems as business executives and employees are unaware of the risks that the cyber world holds.
“Actually, as a small business you do not really think that anybody’s interested in you for hacking, so we had no plan what to do,” Mr Brandstatter. via. BBC News
No organization wants its data to be compromised, as the result is not only a reputation loss, but also penalties or fines. Proper security awareness and protection will reduce the risk to the organization’s data and information systems.
The world is connected and it is important that everyone protects their data. To small and medium sized enterprises wondering why would anyone hack them we have to also say that it’s not them the hacker is targeting in some cases. The truth is that hackers can crawl their way into bigger companies through SME’s.
How to prevent? Where to begin?
First of all are the basics – strong passwords, updates and backups.
With strong passwords it is one step closer to being secured from breaches or hacks. We would recommend using password management (e.g. KeePass 2).
A lot of hacks happen, because staff is not aware of the risks. We encourage SMEs to educate more in terms of cyber security. Not only about your website (what to do and what not do to, how to update and patch the vulnerabilities) but also everything that is happening all over the web. Hackers like everyone else innovate and sometimes it is very hard to understand what is legitimate and what not.
Cyber security is often misunderstood as technical problem, almost every breach is directly or in-directly caused by a bad cyber hygiene or just the lack of security awareness. Of course there is a happy ending to the incident mentioned above, the hotel installed firewalls and a new antivirus software, trained its staff and changed the locks into manual (which isn’t actually necessary if you have proper security measures in place.)