If you are a business that has traditionally stood on the fence when it comes to cyber security, thinking that you're too small with too little budget to allocate to it, time to listen up. Research released by Symantec earlier this year pointed to nearly half of the global attacks logged in 2015 were against small companies with fewer than 250 staff. It's good to remember that being a small business is no excuse for poor security.
In fact, the Verizon Data Breach Investigation Report stated that 63% of data breaches involve leveraging weak, default or stolen passwords, so armed with information - what can companies do? One of the greatest steps organisations can take to improving security comes down to administrator passwords that protect access to the most sensitive areas of a company's network. When these credentials are compromised, it is easier for cyber criminals or malicious insiders to move around the network and infiltrate critical systems and even gain access to customer data. Therefore, addressing this critical area of cyber security, for any business, is a must.
Stolen credentials are one of the easiest ways to exploit small businesses. Many Small and Medium Enterprises (SMEs) may think they don't have the budgets or the means for effective cyber security. But if they change the way they manage the one security element that hackers exploit most - privileged credentials - they can be much more secure. Privileged Account Management (PAM) products protect passwords for powerful privileged accounts - like Windows administrator and Linux root - so that hackers can't leverage them to access critical systems that give away the "keys to the kingdom" or other sensitive information.
Small businesses that think they are too insignificant to warrant proper cyber security efforts need to carefully consider who their customers are and how unhappy those customers would be if their data was compromised due to inadequate security practices. When we look back at Target, one of the biggest data breaches of all time, the breach was discovered to have come through one of Target's small third party vendors with weak passwords that never changed.
Another area traditionally holding back smaller businesses from implementing cyber security controls is the perceived time and resource consumption. However, good Privileged Account Management products can also automate time-consuming manual password changes to ease IT administration burdens. By changing passwords faster than intruders can exploit them, these security products provide real-time containment of attacks that breach the perimeter. Importantly, it can also prevent anonymous "nesting" on the network where criminals gain a foothold in your organisation and bide their time until they strike, stealing IP, customer data and financial information, for example.
Large enterprises are taking cyber security seriously and getting harder to breach. Hackers historically always take the path of least resistance, if that path is via a smaller business with tempting customers, you better believe they will take the easy route. Getting a few basics right, like Privileged Account Management, will go a long way to protecting even the smallest business.
