Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

10/17/2019
03:00 PM
Connect Directly
Twitter
RSS
E-Mail

State of SMB Insecurity by the Numbers

SMBs still perceive themselves at low risk from cyberthreats - in spite of attack statistics that paint a different pictur
2 of 8

SMB Security Incidents Remain High

Most SMBs have experienced cyberattacks and data breaches over the past year, according to Ponemon Institute. While the percentage of organizations that experienced an incident dipped by a percentage point worldwide, it's still up over the past two years. In particular, SMBs in the US have seen a dramatic rise in incidents over the past three years. Whereas just 55% in 2016 reported being victims, this year 76% say they've been hit by an attack in the past 12 months.

Image Source: '2019 Global State of Cybersecurity in Small and Medium Sized Businesses,' Ponemon Institute/Keeper Security

SMB Security Incidents Remain High

Most SMBs have experienced cyberattacks and data breaches over the past year, according to Ponemon Institute. While the percentage of organizations that experienced an incident dipped by a percentage point worldwide, it's still up over the past two years. In particular, SMBs in the US have seen a dramatic rise in incidents over the past three years. Whereas just 55% in 2016 reported being victims, this year 76% say they've been hit by an attack in the past 12 months.

Image Source: "2019 Global State of Cybersecurity in Small and Medium Sized Businesses," Ponemon Institute/Keeper Security

2 of 8
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
Franois Amigorena
50%
50%
Franois Amigorena,
User Rank: Author
11/4/2019 | 5:55:33 AM
The business benefits for IT security in SMBs
SMBs that grasp the business benefits are often further ahead. They understand that any competitor can nowadays quickly adopt a new technology to gain new capabilities, improve efficiency and/or reduce costs. However, each new application does create a need to secure users, data and the environment that the solution integrates into. Those that treat security as an onerous requirement that is invoked each time a new technology is contemplated will be slow to adopt – and slow to profit from – new efficiencies.

SMBs that build effective IT security frameworks are able to move more quickly and surely than their competitors. Environments without effective IT security solutions will have difficulty innovating and are likely to fall behind more nimble competitors.
FLYING J3
50%
50%
FLYING J3,
User Rank: Apprentice
10/21/2019 | 4:02:59 PM
Re: cyber risk change hits small biz
If your a contractor with the DOD they are going to be requiring you to have a Cybersecurity Maturity Model Certification sometime in 2020. Because they are forcing this, Cybersecurity is going to be an alowable cost on new contracts sometime in mid to late 2020. .
blackjack0021
50%
50%
blackjack0021,
User Rank: Apprentice
10/21/2019 | 1:33:44 PM
cyber risk change hits small biz
As long as Security expense is optional then most SMB can't afford to add it. The market doesn't let them charge more if they do, and competitors will always run the risk or cut corners and costs. As Bruce Schneir points out in Click Here To Kill Everyone, if the cost of security measures isn't required of everyone then the market actually penalizes you for doing it. Customers of SMB especially have no way to know if your company is doing it right or better. There is no competitive advantage. It's a proverbial Catch 22. I've done consulting for SMB, super small <10 people up to midsize I'd guess around 2000, but I'm an enterprise guy mostly. There is a special focus for SMB on free- or low-cost solutions that is almost alien to most enterprise people. It just presents many different challenges.
Cybersecurity Team Holiday Guide: 2019 Gag Gift Edition
Ericka Chickowski, Contributing Writer,  12/2/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19647
PUBLISHED: 2019-12-09
radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.
CVE-2019-19648
PUBLISHED: 2019-12-09
In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.
CVE-2019-19642
PUBLISHED: 2019-12-08
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareNa...
CVE-2019-19637
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.
CVE-2019-19638
PUBLISHED: 2019-12-08
An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.