Many people believe that only large organizations are targets of data thieves. That could not be further from the truth. Size doesn’t matter! Large or small; data exfiltration is a huge risk for businesses. There are over 7 million small and medium sized businesses (SMBs) in the United States and they are rapidly becoming targets of opportunity for cyber thieves.
| Number of Employees | Percent of Breaches | Size Classification |
| 1 to 10 | 2% | SMBs |
| 10 to 100 | 30% | SMBs |
| 101 to 1,000 | 22% | SMBs |
| 1,001 to 10,000 | 26% | Moderately Sized |
| 10,001 to 100,00 | 14% | Large Business |
| More than 100,001 | 3% | Large Business |
Data thieves are no different than any other type of thief when casing a target and evaluating the ease of stealing. Eighty-three percent of data breaches analyzed were not considered to be highly difficult. Data thieves look for targets of opportunity and the specific challenges and constraints faced by SMBs often identify them as easy marks.
Regulatory compliance and legal obligations are now key motivators for securing and protecting sensitive information no matter what size your business. PCI and HIPAA have begun handing down significant fines for not properly adhering to the compliance standards. As time goes on more federal and state laws are enacted requiring organizations to disclose publicly when an incident has occurred. Government and regulatory controls are getting stronger and are more stringently enforced, and it’s impossible to keep a breach out of the news and away from your customers.
The costs have become so significant, many smaller organizations go out of business following an incident. The hard dollar costs are only one negative aspect resulting from a data breach. The one advantage SMBs have over larger organizations is a closer connection to their customers. Loss of customer trust coupled with the distraction brought about by a breach make a compelling case to fortify your security. In a recent study, nearly half of companies believe that they will lose customers and possibly go out of business in the wake of a significant data breach.
Because SMBs typically do have less personnel, budget and time for security programs they often do have worse security controls in place. But this need not be the case. With the emergence of unified threat management platforms (UTMs) the SMB market has a cost-effective tool to safeguard their systems just like the big guys. In addition, managed security service providers (MSSPs) are starting to cater to the SMB market with cost-effective options so organizations can have 24/7 protection for much less than the expense of a single FTE.
UTMs are an all-in-one devices designed specifically for the SMB space. They provide multiple security systems in one package. Typical features include firewall, intrusion prevention system, and anti-virus with various vendors offering anti-spam, content filtering or application firewalls in their device. Augmenting these solutions with an MSSP / SMB offering maximizes return on the technology investment by ensuring 24/7 vigilance and compliance.
Using emerging technologies and services enables SMBs to implement comprehensive security controls on par with the largest enterprises - controls that will cause data thieves to pass them by looking for the next easy mark that isn’t properly secured.
November, 2010
