At the Visa Security Summit 2009 in Washington DC earlier this month, a panel discussion revealed that cybercriminals have moved away from large organizations and are focusing on small and midsize businesses (SMBs). Reasons cited for the change include improved security at large organizations and a lack of preparedness at SMBs.
Some interesting data from the discussion:
- 20% of small businesses don't use antivirus software
- 60% don't have encryption enabled on their Wi-Fi network
- 66% don't have a security plan in place
An article on the panel discussion at DarkReading.com goes on to say that many small businesses don't even know they're targets of cybercrime. According to Chris Gray, a Canadian Chamber of Commerce panelist, “about two-thirds of small and medium-sized businesses believe that large companies are the main target for cybercrime. Yet 85% of the fraud we see in business occurs in small and medium-sized businesses.”
The truth is that as small and midsize businesses implement standards such as PCI DSS (Payment Card Industry Data Security Standard), they reduce their exposure to penalties should there be a loss of customer personal data. But there is much more that could be done to actually prevent a loss. Taking the time to plan your security posture can save your business should a targeted attack occur.
The elements of a good security plan should include at least network security, email security, endpoint security, mobile security and disaster recovery. Unfortunately, you can easily be PCI compliant and have most of the above unresolved.