Is Your SMB a Target for Cyber-Criminals because You do Business with Bigger Companies?

SMBs Targets for Cyber-Criminals because of relationship with bigger companies
SMBs Targets for Cyber-Criminals because of relationship with bigger companies

Data breaches in the year 2013-2014 have shown a trend where larger companies with security mechanisms in place were breached through a third-party vendor. The Target breach started with compromised credentials belonging to a HVAC firm that had access to Target’s network. Also, nearly 400 Dairy Queen Locations (and one Orange Julius location) were compromised by malware named “Backoff”. Investigations showed that compromised account credentials from a Small and Mid-sized Business were initially used to get into Dairy Queen’s systems. In recent times, attacks targeting larger companies have shown small and mid-sized businesses as the initial starting point for accessing their networks or systems. Examples include breaches that occurred at Lowe’s and Goodwill industries.

Why do cyber-criminals target SMBs? Small and Mid-size businesses (SMBs) are the weakest link, and the path of least resistance into a robustly secured company network. It is a well-known fact that SMBs invest less in cyber-security than larger companies because of cost. As larger businesses look into improving their security posture, many will look at the security postures of SMBs before conducting business. As the trend of initially attacking third-party vendors to breach the security of larger businesses becomes widespread, there will be several drivers for improved security of SMBs, in addition to requirements placed by larger businesses. One of those drivers will be legislation requiring SMBs to have appropriate security measures in place when doing business with the government. Another driver will be for insurance purposes, insurance companies may factor-in their policy premium based on existing security measures SMBs have in place.

SMBs are in the cross hairs of cyber-criminals based on the relationship that exists with larger businesses. This relationship is one reason amongst many to improve your security posture as part of running a successful business.

Follow me

About the Author

Edward Obodo
Edward Obodo is a Certified Information Systems Security Professional (CISSP). His educational background in computer science has given him a broad base from which to approach many topics related to cyber-security. He has spent over 10 years providing information security solutions for Fortune 500 companies.

Be the first to comment on "Is Your SMB a Target for Cyber-Criminals because You do Business with Bigger Companies?"

Leave a comment

Your email address will not be published.


*