SMBs are not immune from cyberattacks

Small- and medium-sized businesses (SMBs) are the backbone of the Hong Kong economy. Hong Kong SMBs make up 98 percent of all Hong Kong companies, providing 1.3 million job opportunities, which makes up almost half of the total employment in Hong Kong. Recognizing the challenging global economic outlook for 2017, SMBs in Singapore are realizing the need to transform and adapt to slowing growth with technological change. With SMBs as a primary target for ransomware attacks as they are an easy targets due to their insufficient measures for cyber security.

As more businesses increase productivity by digitizing data, automating processes and offering services online, they become more susceptible to risks online. SMBs also have sensitive information from employees and customers, proprietary information about products, and they often are part of a global supply chain for other companies. Every business is a target, regardless of size, and none can afford to ignore the security of its IT infrastructure.

The SMB lots of assets, limited resources

SMBs may assume they have little to interest hackers and therefore put cyber security on the back burner. We know this isn’t true. Hospitals, for example, hold sensitive health information and have networked medical devices at risk. Unfortunately, some learned the hard way with episodes of ransomware disrupting business and damaging reputations.

It is not just a company’s own information and systems that are at risk. SMBs have been the channel in high-profile breaches that compromised millions of records. Attackers use a weak link in the administrative accounts to gain extensive control over sensitive data and IT systems, which can cause chaos in every organization. These accounts are often overlooked and therefore present a path of least resistance, and can be powerful weapons in the wrong hands.

Businesses today run on IT. This makes cyber security a business necessity as well as a technology requirement. A strong security program can not only protect a business’s assets, it can also give it a competitive advantage.

Although SMBs face the same cyber security challenges as large businesses, they often have fewer resources and little in-house expertise to address these challenges. This makes it important that they get the best return on their security investments by prioritizing the right things in their security programs.

The need to know

Cloud computing and hosted services can make advanced technology affordable, and SMBs often find it cost-effective to outsource many IT functions, including security. But at the end of the day, each business is still responsible for its own security. Owners and executives need to understand the basics of cyber security, know what their service providers are doing and what questions to ask of them.

Security needs will vary depending on circumstances. Each company must understand its attack surface—vulnerable areas in the IT environment that could breached to compromise systems—and the impact of each potential breach. By assessing the impact, vulnerabilities can be prioritized, so that the cyber security program focuses on the areas needed to manage risks.

The key to protecting an IT infrastructure is privileged accounts. These accounts, if compromised, can effectively turn an intruder into an insider, giving the attacker rights to move throughout the network, escalate privileges, change settings and configurations and access data. When allocating scarce cyber security resources, privileged accounts must be identified, assessed and prioritized.

An SMB IT infrastructure may not be as complex as a global enterprise, but the benefits of a layered approach to cyber security applies to all. Additionally, there are documented best practices and basic cyber hygiene practices that should be followed.


Jeffrey Kok is Director of Pre-Sales, APJ at CyberArk

Suggested Articles

Experts believe current public key encryption could be vulnerable to being broken by quantum computing

Facebook confirmed hundreds of millions of user passwords were being stored in a “readable format” on its servers, accessible to internal employees

SmarTone has launched a line of cybersecurity solutions for enterprises based on a three-pronged strategy of people, processes, and technology