The bulk of cyber events in the news are focused on large multinational organizations and government departments. Newsworthy events are in fact always newsworthy.
These are the organizations we hope and believe are focused on protecting the information that we unwittingly give them through our interaction.
An attack on them makes for great copy. But, the overall problem with cyber events is not the big fish. The big fish are known to have millions of records that should be protected from a cyber-attack. Not protecting them reflects in spectacular thefts and large-scale reputation failures. Newsworthy events!
Large organizations have the expertise, the finances and the understanding that they have to protect their client’s information in the best way possible. SME’s do not!
How many SME’s have gone out of business after a cyber event is unknown. Some of the statistics are available, but not many are focused on whether it was poor management and cash flow or a cyber event that damaged their business to a point where it was unrecoverable.
Did it put them out of business?
One of the things I discovered a couple of years ago is the way the cybercriminal works.
There is a large correlation between the script kiddies and the true hackers, one that is not really known, but every now and then becomes visible.
The Internet is a great resource. It is a great resource for us, but it is an even greater resource for the budding cybercriminal. The Internet can put the budding script kiddy in contact with the true hacker. That contact can be very problematic for SME’s.
What are my targets, after a little research - SME’s with access to trusts, intellectual property, large amounts of cash or the new one, critical infrastructure?
These targets have reduced business intelligence, lack complex systems, lack digital expertise, but more importantly have a blaze attitude to security.
You know the attitude well - it will not happen to me, we have nothing worth stealing or she’ll be right.
Will an SME survive having its trust fund drained - probably not!
Protecting our digital assets is no longer a multinational organization’s problem, it is everyone’s problem, everyone with a digital device has the problem and has to be part of the solution.
By Roger Smith