Half of Small Businesses Believe They're Not ...

Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security

Authentication

Mobile

Privacy

Compliance

Identity & Access Management

Security Monitoring

Advanced Threats

Insider Threats

Vulnerability Management

To InformationWeek

Network Computing Dark Reading

Advertise

Newest First | Oldest First | Threaded View

[close this box]

Joe Stanganelli

50%

50%

Joe Stanganelli,
User Rank: Ninja
8/29/2018 | 11:01:14 PM

Point of password pedantry

"76% of them say they haven't activated multifactor authentication"

Of those who say that they have, I'd further wonder how many of those are correct -- i.e., truly know what MFA means.

(Classic example of confusion: A password + a password hint is not MFA. It's the same factor ("something you know") duplicated.)

Reply | Post Message | Messages List | Start a Board

50%

50%

REISEN1955,
User Rank: Ninja
8/29/2018 | 10:10:44 AM

Re: As a managed services consultant

All comments appreciated and the two largest impediments to Small Business being security aware is Knowledge and Cost of that Knowledge. Having a CISSP on staff is totally unwaranted expense - there is not that much demand for full-time work and salary? Forget it. THIS is where the consultant can play and needs to play a key, leading role. And most consultants understand servers, active directory, backups, etc and oh scan with malwarebytes --- but not much more than that and have to have an in-depth knowledge of multilple lan networks. The larger managed services shops can also play a larger role than they do.

Reply | Post Message | Messages List | Start a Board

50%

50%

Dr.T,
User Rank: Ninja
8/29/2018 | 9:37:16 AM

Re: As a managed services consultant

“ It is therefore the explicit job of the consultant to educate, advise and prep for cyber security “ I would agree. I do not know if consultants really get any opportunity to educate, they cost too. So still the same problem: Money.

Reply | Post Message | Messages List | Start a Board

50%

50%

Dr.T,
User Rank: Ninja
8/29/2018 | 9:34:30 AM

Re: As a managed services consultant

“But the lack insight, concentrating immed on their own problemsas they have to and do not have insight. ” This makes sense. Not having insight on cybercrime is main problem. If they can just read the news that may help them a lot I would say.

Reply | Post Message | Messages List | Start a Board

50%

50%

Dr.T,
User Rank: Ninja
8/29/2018 | 9:32:08 AM

Re: As a managed services consultant

“They are not CHEAP but some owners just are” One of the ways for them to be secure is to use cloud solutions instead of on-prem systems.

Reply | Post Message | Messages List | Start a Board

50%

50%

Dr.T,
User Rank: Ninja
8/29/2018 | 9:32:07 AM

Re: As a managed services consultant

“They are not CHEAP but some owners just are” One of the ways for them to be secure is to use cloud solutions instead of on-prem systems.

Reply | Post Message | Messages List | Start a Board

50%

50%

Dr.T,
User Rank: Ninja
8/29/2018 | 9:30:13 AM

Re: As a managed services consultant

“small businesses have no idea of IT protocols and hesitate to write checks for any investments.” I agree. Money is one of the reasons why they may not want to pay attention to cyber security.

Reply | Post Message | Messages List | Start a Board

50%

50%

Dr.T,
User Rank: Ninja
8/29/2018 | 9:28:12 AM

51%

This is really a high number. It is hard to understand how anybody would still think that thier organization is not target.

Reply | Post Message | Messages List | Start a Board

50%

50%

REISEN1955,
User Rank: Ninja
8/27/2018 | 3:39:10 PM

As a managed services consultant

i used to support small businesses before moving south and into cyber security but in general small businesses have no idea of IT protocols and hesitate to write checks for any investments. They are not CHEAP but some owners just are. Some of them I hated and some paid me on the spot. But the lack insight, concentrating immed on their own problemsas they have to and do not have insight. It is therefore the explicit job of the consultant to educate, advise and prep for cyber security issues of all kinds. Some wil llisten and some will not. All will get attacked.

Reply | Post Message | Messages List | Start a Board

Editors' Choice

COVID-19: Latest Security News & Commentary

Dark Reading Staff 4/7/2020

The Coronavirus & Cybersecurity: 3 Areas of Exploitation

Robert R. Ackerman Jr., Founder & Managing Director, Allegis Capital, 4/7/2020

'Unkillable' Android Malware App Continues to Infect Devices Worldwide

Jai Vijayan, Contributing Writer, 4/8/2020

Webinars

How to Effectively Analyze Security Data

Malicious Insiders: Real Defense for Real Business

Building a Strategy for Detection and Response

Webinar Archives

White Papers

Hacker's Almanac

Threat Hunting with Zeek Guide

Global Password Security Report

Two-Factor Evaluation Guide

Threat Intelligence Spotlight: The Shifting Framework of Modern Malware

More White Papers

Video

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: This comment is waiting for review by our moderators.

Cartoon Archive

Current Issue

6 Emerging Cyber Threats That Enterprises Face in 2020

This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

State of Cybersecurity Incident Response

State of Cybersecurity Incident Response

Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.

Download Now!

How Enterprises Are Developing and Maintaining Secure Applications

How Enterprises are Attacking the Cybersecurity Problem

How Data Breaches affect the Enterprise

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Dark Reading - Bug Report

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-11668
PUBLISHED: 2020-04-09

In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.

CVE-2020-8961
PUBLISHED: 2020-04-09

An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature does not prohibit a write operation from an external process. Thus, code injection can be used to turn off this feature. After that, one can construct an event that will modify a file at a specific loc...

CVE-2020-7922
PUBLISHED: 2020-04-09

X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances. Customers who do not use X.509 authentication, and those who do not use the Operator to generate their X.509 certificates are u...

CVE-2018-21034
PUBLISHED: 2020-04-09

In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git.

CVE-2020-1895
PUBLISHED: 2020-04-09

A large heap overflow could occur in Instagram for Android when attempting to upload an image with specially crafted dimensions. This affects versions prior to 128.0.0.26.128.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]