The perfect storm - hackers eye on SMB

Billy Austin

Managed Service Providers to the Rescue...

Every organization would be thrilled if it could scratch it's name from tomorrow's Hurricane of Data Breaches. Unfortunately for the small-midsize business (SMB), they are finding themselves on the coastlines of a data breach storm. Let's face it; generating revenue is the priority. When it comes to IT security and compliance, most do not have a dedicated or experienced IT professional on staff they can rely upon.

After analyzing scan results (March 2014) from thousands of SMBs around the globe, the average desktop revealed 210 vulnerable entry points mostly from outdated third-party apps such as Adobe, JAVA and popular browsers.


Figure 1. Desktops storing unprotected PII data

Furthermore, 96% of these vulnerable desktops exposed unencrypted cardholder and/or social security data at rest, putting their business at risk. We predict this is only the eye of the storm or the calm before additional devastation occurs.

There are now over 10.8 million North American small businesses tasked with obtaining either PCI or HIPAA internal scanning requirements. This includes everything from Tony's Tacos and Dave's Bike Shop to your local Dentist, all storing our credit card among other forms of our personal identifiable information (PII) at risk.

When we review the business operation of SMB owners, their business plan never embraced security as a cost center, much less the skill sets needed to protect and secure. In fact, when SMBs historically sought solutions, they ended up accepting the risk due to price and complexity of the solution, or think they are too small for their business to be in eyesight of the calm before the storm.

Data thieves and hackers fathom that SMBs have weaker defenses while storing a monstrous volume of valuable PII.


Figure 2. APT Data Breach example

Over the past several weeks, we demonstrated how data breaches occur to managed service providers, tasked with safeguarding and assessing the endpoint for these businesses at risk. The largest growth area for targeted attacks over the past few years are businesses with fewer than 250 employees. This is bad news for SMBs without a means of identifying their security posture.

The lack of security and protection of PII data threaten all of us, not just the business. Without a doubt, MAX Risk Intelligence and our MSP customers are making an impact to what is before us, The Perfect Storm, of security incidents and data breaches.

Avoid the perfect storm by identifying unprotected data at rest before an incident occurs.

To know what you don't know is a powerful step to prevent data theft.