Smaller organizations have a lot on their plates. They face many of the same pressures and threats as enterprises, but their scale often means that they lack both the skills and resources to properly address these problems.
When it comes to cyber security, SME (Small-to-Medium Enterprise) attitudes can be all over the place. Some don’t put much thought into it, thinking that they’re too small to be a target. Cyber threats may not even be on their radar, especially if they’ve been lucky enough to avoid being attacked so far.
Other companies take the threats more seriously but don’t know how to defend themselves appropriately. This can be a significant challenge, particularly if they don’t have any security experts on their staff.
SMEs also tend to lack a Chief Information Officer (CIO) and a Chief Information Security Officer (CISO) which means that their IT teams often report to business management. Unfortunately, many management teams don’t have the relevant IT knowledge and they may not understand the cyber security issues that their company faces. This makes it a challenge to form adequate policy and to allocate the necessary funds for defenses.
If your company’s approach to security is similar to any of these situations, it faces significant risks. The chances of cyber attacks are much higher than many small businesses like to believe. According to a Ponemon Institute survey conducted on IT personnel from SMEs, 61% of the respondents reported a cyber attack against the business they worked for.
Read the rest of this post »