Security News

Study Reveals Top Reasons Why Companies Are Struggling To Fend Off Cyberattacks

Companies with just one employee are finding themselves victims of cybercrime, which Continuum Managed Services CEO Michael George says has become the No. 1 form of organized crime in the world.

Amanda Naor never thought her photography business would be of interest to hackers, but in 2018 she found herself facing the same problem as some of the biggest corporations.

“I’m just a small photographer. I have nothing of value to hackers,” Naor said.

Unlike Target and Capital One, Naor’s Los Angeles-based photography business has only one employee: herself. And her website has nothing more than blog posts and photos of newborns. Yet, hackers still targeted her website with malware.

“How it was explained to me was that hackers use these websites that don’t have anything for practice. It’s kind of their playground,” Naor said.

It’s a rising trend: Small and midsize businesses have become hot targets for hackers who are looking for weak links in the supply chain.

“Cybercrime has become—in the small- and medium-sized-business environment and in business and commerce in general—the No. 1 form of organized crime in the world,” said Continuum Managed Services CEO Michael George.

A recent study by Sophos backs that up: Sixty-eight percent of the 3,100 companies surveyed suffered an attack in 2018. Many of those breached said they didn’t know how it happened and said they’re struggling to keep up. According to the findings, 79 percent said recruiting people with the skills they need is a challenge, and 66 percent said their organization’s cybersecurity budget is below what’s needed.

“I think there’s a real opportunity here for those of us who do have knowledge to figure out how we can more effectively share that information with organizations because not every company is going to be able to have a lab full of researchers,” said Chet Wisniewski, principal research scientist at Sophos.

BitSight CEO Tom Turner suggests that resellers focus on advanced services to better serve SMB customers.

“Whether that’s being able to provide out-of-the box turnkey third-party risk management for a set of companies, whether that’s the ability to provide benchmarking services so that the business discussion of cybersecurity is held efficiently and in a common language in the boardroom to the practitioner level—these are the differentiated services that cybersecurity resellers should be focusing on in addition to the traditional platform offerings they have,” said Turner.

For more coverage, watch CRN’s video included in this article.