BreachExchange mailing list archives

A third of SMBs unaware they've been cyber attack victims


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 20 Nov 2013 23:29:09 -0700

http://www.computing.co.uk/ctg/news/2307942/a-third-of-smbs-unaware-theyve-been-cyber-attack-victims

One-third of small and midsize businesses (SMBs) have no idea if their
organisation has been the victim of cyber crime or malicious hackers in the
past 12 months, while management in over half of SMEs don't see cyber
attacks as significant risks.

That's according to the Risk of an Uncertain Security Strategy study,
conducted by independent research firm Ponemon Institute and sponsored by
security solutions provider Sophos, which highlights that SMBs need better
help to understand the potential threats of cyber attacks.

"One-third of respondents admit they are not certain if a cyber attack has
occurred in the past 12 months," said the report.

"Because of this lack of knowledge about the frequency and magnitude of such
attacks, actionable intelligence appears to be deficient," it continued,
adding that in order to remedy the problem IT managers "will be investing
in big data analytics and network traffic intelligence over the next three
years."

The research claims that cyber attacks have cost SMBs an average of $1.6m
(£1m) over the past 12 months, the cost of which will only rise if both the
IT department and management fail to gain a better understanding of
increasing cyber threats.

That's especially the case if organisations can't get a grasp of changes in
the workplace brought about by the likes of BYOD and cloud technology.

"Small and midsize organisations simply cannot afford to disregard
security. Without it there's more chance that new technology will face
cyber attacks, which is likely to cost the business substantial amounts,"
said Larry Ponemon, president of the Ponemon Institute, who warned that
security should always come first when adopting new technologies.

"CIOs are under pressure to implement new technology that informs agile and
efficient ways of working, but this should not take precedence over
security.

"The industry needs to recognise the potential dangers of not taking cyber
security seriously and create support systems to improve SMB security
postures," he said.

Gerhard Eschelbeck, chief technology officer for Sophos, argued the
research demonstrates security is increasingly "taking a back seat".

"The scale of cyber attack threats is growing every single day, yet this
research shows that many SMBs are failing to appreciate the dangers and
potential losses they face from not adopting a suitably robust IT security
posture," he said.

"Today in SMBs, the CIO is often the 'only information officer', managing
multiple and increasingly complex responsibilities within the business,"
Eschelbeck continued.

"However, these OIOs can't do everything on their own and as employees are
demanding access to critical apps, systems and documents from a diverse
range of mobile devices, it would appear security is often taking a back
seat," he added.

The report recommends that organisations need to focus on monitoring,
reporting and proactively detecting threats, and formulate best practice
for mobile and BYOD.

It also suggests organisations keep a proper record of the cost of cyber
attacks, including downtime and loss of productivity caused by malicious
hackers.

The research surveyed more than 2,000 respondents across the US, UK,
Germany and Asia-Pacific.