Time for SMBs to step up to the plate

Time and time again, we've seen information security regulations and guidelines delayed due to the burden they might impose on small businesses.

For example, state officials, on multiple occasions, have pushed back enforcement of the Massachusetts data security regulations due to small business complaints, and most recently, the Federal Trade Commission announced it would postpone enforcement of the Red Flags Rules until next summer.

The economy is partially to blame, and it is a decent justification. After all, many small- and mid-size businesses are having enough trouble simply surviving the worst recession in a half-decade, never mind needing to concern themselves with additional costs.

But then come astounding alerts from the FBI that hackers have this year seriously turned their attention to smaller organizations as part of their slick, moneymaking operations. Bigger businesses may have the resources to better deal with the problem, and cybercrooks know this. So they now seem to be focusing more on the weakest link. And why not? Raiding the bank accounts of 10 mom-and-pop shops is likely just as valuable as compromising one big business. And probably much easier.

In today's threat landscape, it is incomprehensible for any size organization to consider implementing tougher security controls an unnecessary burden.

I've had discussions with experts about this. And they've told me that securing an organization does not require a great deal of investment. In fact, the basics -- updated anti-virus, patched machines, a comprehensive security policy, employee training, some web and email filtering -- should be enough to keep the bad guys out. The sad part is, many firms simply aren't doing the most fundamental stuff.

There is another side to this coin. Regulators must stiffen their enforcement agendas. Enough submitting to the concerns of business owners. It's 2009. There is no more slack that can be given. The losses are simply too large to bear any longer.

Thanksgiving is a holiday during which to cherish what we have. But the organized cybercriminal groups that always seem to be one step ahead of everyone else want to take all of that away, one phishing email or compromised PC at a time.

It's time the smaller firms fight back.
