SCOTTSDALE, Ariz.—Small businesses, including small credit unions, need to bolster their cyber defenses, a new report indicates.
Cyber attacks are shifting from large corporations to Main Street, where smaller businesses often are more vulnerable because they’re less prepared, explained Brian Huntley, senior information security adviser at IDT911 Consulting, in the report, titled “Third Certainty.”
Huntley said thieves are quick to learn that small businesses detect intrusions or breaches at a slower pace, often months or years after the initial point of exposure, making them an attractive target.
Huntley added that a National Small Business Association report indicated that by the end of 2014 that half of small businesses reported having been the victim of a cyber attack, up from 44% in 2013. Of those, 61% say an attack had occurred within the last year.
“Small and mid-size businesses are more susceptible because they usually lack the technical and financial resources to protect data,” stated Huntley in Third Certainty. “They often have little understanding of the type and volume of information in their systems, or what is shared with third parties such as payroll-service providers and employee benefits providers. They also may lack strong leadership expertise in data-privacy risk management.”
Small and mid-size businesses also are at risk of being breached in a case of insider theft or by a third-party breach, such as through a partner vendor or a service provider, Huntley added.