Small businesses are “soft targets” of cybercriminals since they lack focus on information technology (IT) strategy, according to secure content and threat management solutions developer Kaspersky Lab.
Based on the Kaspersky Lab’s 2014 IT Security Risks summary report, very small businesses (VSBs) with fewer than 25 employees are the least likely to view “IT Strategy” as a top strategic concern.
Among all the VSBs worldwide, only 19 percent reported IT Strategy as one of their top-two strategic concerns, compared to 30 percent of businesses with more than 100 employees, and 35 percent of enterprises with 5,000 employees or more.
Kaspersky Lab believes that VSBs, which are often startups struggling to establish themselves, most often don’t have the money or IT expertise to properly implement vital IT components like security software.
“Every successful business needs an efficient IT strategy. Unfortunately, VSBs are not capable to correctly implement IT elements such as security software because they may lack the expertise or financial resources,” said Jimmy Fong, Channel Sales Director of Kaspersky Lab Southeast Asia.
Citing estimates by the International Data Corporation, Kaspersky Lab also revealed that 80 million businesses worldwide with fewer than 10 employees believe that they are too small to be targeted by cybercriminals.
However, the reality is that many VSBs adopt the “security by obscurity” mentality, believing that they are too small to be targeted by cybercriminals and don’t have any data that cybercriminals would want.
According to Verizon’s 2013 Data Breach Investigations Report, 193 of the 621 breaches analyzed – more than 30 percent – occurred at companies with 100 or fewer employees.
Kaspersky Lab warns that cybercriminals will also need less effort to successfully attack numerous VSBs instead of a single larger business. And unlike larger enterprises with sufficient funds to recover from a cyberattack, small businesses may be driven to bankruptcy due to costs of lost customer data, significant time spent offline, and associated clean-up expenses.
“Small businessmen must realize that they are also attractive targets for cyberattacks because they may not have a proper anti-malware strategy or layered protection and they hold crucial financial and customer data,” Fong said.
Kaspersky Lab notes that the insights on VSBs and their vulnerability to cybercrimes have huge implications to a country like the Philippines, where almost all businesses are micro or small enterprises.
Based on 2012 government figures, there are 944,897 business enterprises operating in the Philippines. Of these, 89.78 percent (844,764) are micro enterprises (one to nine employees) while 9.78 percent (92,027) are small enterprises (10 to 99 employees).
“Statistics show that micro and small businesses form virtually the entire Philippine economy. Just imagine the economic impact if a significant number of these enterprises are affected by cyberattacks,” Fong said.
The issue of cybersecurity among small businesses is also timely for the Philippines with the recent enactment into law of the “Go Negosyo Act,” a legislation that will give a major boost to the development of micro and small enterprises by helping entrepreneurs to register and start up their businesses, as well as gain access to sources of financing.
According to the Kaspersky Lab report, 32 percent of VSB survey respondents that lost business data from a cyberattack reported “Malware” as the cause of their most serious incident.
Another significant source of data loss for VSBs was traced back to “Software Vulnerabilities,” reported by nine percent of VSBs, a rate that is nearly the same as the global average of eight percent citing this factor. This means software vulnerabilities are a security issue that affects businesses regardless of size, Kaspersky Lab said.
Because of these factors, Kaspersky Lab is recommending its Kaspersky Small Office Security as an investment that micro and small Philippine businesses should consider. It is built to include business-grade technologies in a form that doesn’t require IT expertise to operate.
Kaspersky Small Office Security also includes the industry’s leading anti-malware engine, along with a software vulnerability scanner to identify any machines that could be exploited by cybercriminals.
It also has both malware protection and anti-theft features for mobile devices and data encryption tools to ensure customer data is protected from theft or accidental deletion.
