Half of Small Businesses Believe They're Not ...

Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security

Careers and People

Identity & Access Management

Security Monitoring

Advanced Threats

Insider Threats

Vulnerability Management

To InformationWeek

Network Computing Dark Reading

Advertise

Newest First | Oldest First | Threaded View

[close this box]

Joe Stanganelli

50%

50%

Joe Stanganelli,
User Rank: Ninja
8/29/2018 | 11:01:14 PM

Point of password pedantry

"76% of them say they haven't activated multifactor authentication"

Of those who say that they have, I'd further wonder how many of those are correct -- i.e., truly know what MFA means.

(Classic example of confusion: A password + a password hint is not MFA. It's the same factor ("something you know") duplicated.)

Reply | Post Message | Messages List | Start a Board

50%

50%

REISEN1955,
User Rank: Ninja
8/29/2018 | 10:10:44 AM

Re: As a managed services consultant

All comments appreciated and the two largest impediments to Small Business being security aware is Knowledge and Cost of that Knowledge. Having a CISSP on staff is totally unwaranted expense - there is not that much demand for full-time work and salary? Forget it. THIS is where the consultant can play and needs to play a key, leading role. And most consultants understand servers, active directory, backups, etc and oh scan with malwarebytes --- but not much more than that and have to have an in-depth knowledge of multilple lan networks. The larger managed services shops can also play a larger role than they do.

Reply | Post Message | Messages List | Start a Board

50%

50%

Dr.T,
User Rank: Ninja
8/29/2018 | 9:37:16 AM

Re: As a managed services consultant

“ It is therefore the explicit job of the consultant to educate, advise and prep for cyber security “ I would agree. I do not know if consultants really get any opportunity to educate, they cost too. So still the same problem: Money.

Reply | Post Message | Messages List | Start a Board

50%

50%

Dr.T,
User Rank: Ninja
8/29/2018 | 9:34:30 AM

Re: As a managed services consultant

“But the lack insight, concentrating immed on their own problemsas they have to and do not have insight. ” This makes sense. Not having insight on cybercrime is main problem. If they can just read the news that may help them a lot I would say.

Reply | Post Message | Messages List | Start a Board

50%

50%

Dr.T,
User Rank: Ninja
8/29/2018 | 9:32:08 AM

Re: As a managed services consultant

“They are not CHEAP but some owners just are” One of the ways for them to be secure is to use cloud solutions instead of on-prem systems.

Reply | Post Message | Messages List | Start a Board

50%

50%

Dr.T,
User Rank: Ninja
8/29/2018 | 9:32:07 AM

Re: As a managed services consultant

“They are not CHEAP but some owners just are” One of the ways for them to be secure is to use cloud solutions instead of on-prem systems.

Reply | Post Message | Messages List | Start a Board

50%

50%

Dr.T,
User Rank: Ninja
8/29/2018 | 9:30:13 AM

Re: As a managed services consultant

“small businesses have no idea of IT protocols and hesitate to write checks for any investments.” I agree. Money is one of the reasons why they may not want to pay attention to cyber security.

Reply | Post Message | Messages List | Start a Board

50%

50%

Dr.T,
User Rank: Ninja
8/29/2018 | 9:28:12 AM

51%

This is really a high number. It is hard to understand how anybody would still think that thier organization is not target.

Reply | Post Message | Messages List | Start a Board

50%

50%

REISEN1955,
User Rank: Ninja
8/27/2018 | 3:39:10 PM

As a managed services consultant

i used to support small businesses before moving south and into cyber security but in general small businesses have no idea of IT protocols and hesitate to write checks for any investments. They are not CHEAP but some owners just are. Some of them I hated and some paid me on the spot. But the lack insight, concentrating immed on their own problemsas they have to and do not have insight. It is therefore the explicit job of the consultant to educate, advise and prep for cyber security issues of all kinds. Some wil llisten and some will not. All will get attacked.

Reply | Post Message | Messages List | Start a Board

Editors' Choice

US Formally Attributes SolarWinds Attack to Russian Intelligence Agency

Jai Vijayan, Contributing Writer, 4/15/2021

Dependency Problems Increase for Open Source Components

Robert Lemos, Contributing Writer, 4/14/2021

FBI Operation Remotely Removes Web Shells From Exchange Servers

Kelly Sheridan, Staff Editor, Dark Reading, 4/14/2021

Cybersecurity Risk Management FREE Event 4/22

Earn (ISC)2 CPEs at Interop Digital, April 29

More Informa Tech Live Events

White Papers

What Elite Threat Hunters See That Others Miss: Case Study

How to Optimize Your Windows 10 Defense Strategy

Top Threats to Cloud Computing: The Egregious 11

5 Reasons to Protect your VPN with Multi-Factor Authentication

2021 Application Security Statistics Report Vol.1

More White Papers

Cartoon

Cartoon Archive

Current Issue

2021 Top Enterprise IT Trends

We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!

Download This Issue!

Back Issues | Must Reads

Flash Poll

Battle for the Endpoint

Battle for the Endpoint

How to build a new cyber strategy for 2021 and beyond.

How Enterprises are Developing Secure Applications

Assessing Cybersecurity Risk in Today's Enterprises

The Malware Threat Landscape

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Dark Reading - Bug Report

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2021-3035
PUBLISHED: 2021-04-20

An unsafe deserialization vulnerability in Bridgecrew Checkov by Prisma Cloud allows arbitrary code execution when processing a malicious terraform file. This issue impacts Checkov 2.0 versions earlier than Checkov 2.0.26. Checkov 1.0 versions are not impacted.

CVE-2021-3036
PUBLISHED: 2021-04-20

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where secrets in PAN-OS XML API requests are logged in cleartext to the web server logs when the API is used incorrectly. This vulnerability applies only to PAN-OS appliances that are configured to us...

CVE-2021-3037
PUBLISHED: 2021-04-20

An information exposure through log file vulnerability exists in Palo Alto Networks PAN-OS software where the connection details for a scheduled configuration export are logged in system logs. Logged information includes the cleartext username, password, and IP address used to export the PAN-OS conf...

CVE-2021-3038
PUBLISHED: 2021-04-20

A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect app on Windows systems allows a limited Windows user to send specifically-crafted input to the GlobalProtect app that results in a Windows blue screen of death (BSOD) error. This issue impacts: GlobalProtect app 5.1 versions...

CVE-2021-3506
PUBLISHED: 2021-04-19

An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c in the f2fs module in the Linux kernel in versions before 5.12.0-rc4. A bounds check failure allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The hi...

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]