Many SMBs think they're safe from hackers, but are they?

The protection of valuable intellectual property and business information in digital form against theft and misuse- is an increasingly critical issue. Cloud computing and cyber security have been identified as disruptive technologies that will impact organisations during 2013.

Cyber threats are one of the greatest risks faced by IT organizations today. While government organizations are increasingly involved in cyber security, individual Small and Medium businesses still have responsibility for protecting their own assets. Without action, SMBs of all types face the risk of becoming victims of expensive and damaging cyber attacks.

Cyber security awareness in India is still low among various stakeholders including software and hardware manufacturers, vendors, sellers, redistributors, etc. Many large firms have dramatically reinforced their cyber security skills over the past 5 years.

SMBs are increasingly vulnerable to attack for all the obvious reasons: They lack security expertise; they fall short on budget and resources; they are shorthanded on IT staff; they don't think they're targets. The list goes on. More and more SMBs are requiring that their employees, in particular the new hires, - pick up that slack by coming into the office well-equipped with security acumen. In fact, more than half of SMBs say new hires should have an ethical use of technology, which includes the proper use of e-mail, social networking and other online interactions.

Today, cyberspace is defined by its ubiquitous connectivity. While "anywhere, anytime" connectivity brings untold benefits to society, it also presents serious risks. As networks increase in size, reach, and function, their growth equally empowers law-abiding citizens and hostile actors a like.

Small-business owners often think they're immune to cybercrime, figuring that hackers are after bigger fish. A recent survey by the National Cyber Security Alliance and Symantec found that 77% of small and medium-size businesses believe they're safe from hackers, viruses and malware. And 83% of SMBs take no formal measures against cyber threats-even though almost half of all attacks are aimed at SMBs.

Today nearly 90% of small and midsize businesses bank online, making accounting and finance easier, but also opening their accounts to attack. And SMBs are increasingly letting employees bring their own mobile devices on to company networks. About 40% of managers worry about the risk that this practice creates for information security, according to the Sophos 2012 Network Security Survey of more than 570 global IT decision-makers.

Cloud computing opens up a new world of opportunities for businesses, but along with these opportunities come numerous security challenges that need to be considered and addressed prior to committing to a cloud computing strategy. Cloud computing security challenges can be divided into 3 categories:

Data Protection: Implementation of a cloud computing strategy means providing a third party with all the critical data, so it is of utmost importance to ensure that data remains secure both at rest as well as in transit. Data needs to be encrypted at all times with clearly defined roles, especially when it comes to who will be looking after the encryption keys.

User Authentication: Data residing in the cloud should be made accessible only to those authorized to do so, making it important to restrict and monitor who will be accessing the company's data on the cloud. In order to safeguard the integrity of user authentication, companies need access to the data access logs and audit trails to confirm that only authorized personnel are accessing data.

Disaster and data breach contingency planning: As the cloud is serving as a single centralized repository to a company's critical information, the danger of that data being compromised due to data breach or temporarily made unavailable due to a natural disaster are real concerns. Most of the liability for the disruption of data in a cloud in the end rests alongside the firm whose critical operations depend on that data, although liability should be negotiated with the service provider prior to commitment.

 

For sure, cybersecurity can help achieving resilience and integrity across the critical information infrastructure of the smarter enterprise, which requires more secure government, cities, utilities, transportation systems, water supplies and telecommunications. Government and private sector clients are beginning to utilize smarter systems and are seeking answers for how to secure and govern these systems.

As these systems get smarter, we all have the collective responsibility to also make them secure and reliable. Fortunately, this is a future we can have, if we come together with forethought to design security and privacy for a smarter and secure enterprise