Small businesses are nowhere near to being ready to defend against cyberattacks even though nearly half of all targeted cyberattacks are aimed at companies with fewer than 500 employees, a national cybersecurity group said on Monday.
Although two-thirds of U.S. small businesses surveyed said they have become more dependent on the Internet in just the last year, 85 percent consider their companies safe from hackers, viruses, malware, or other network breaches, according to a Zogby International poll sponsored by Internet security firm Symantec and the National Cyber Security Alliance.
"The threats grow in number and complexity each day, but too many small-business owners remain naively complacent," said Michael Kaiser, executive director of NCSA, a nonprofit organization that includes major tech companies ranging from AT&T and Google to Lockheed Martin and Visa.
Attacks against large businesses such as Citigroup and Sony often attract a lot of attention, but government and industry officials say small businesses become the weak link as larger corporations ramp up security.
"The stakes are high for individual businesses and the nation as a whole: A single malware attack or data breach can be fatal to a small enterprise, but the collective vulnerability of all our businesses is a major economic security challenge,” Kaiser said.
He joined Federal Communications Commission Chairman Julius Genachowski, Homeland Security cyber official Greg Schaffer, and other industry leaders at an event on Monday at a U.S. Chamber of Commerce event highlighting the risk to small businesses.
Genachowski unveiled a new website that will launch in November to provide companies with a customized cybersecurity planning guide. The website is a collaborative effort between the FCC, DHS, and businesses such as Symantec, Sophos, and Visa, among others.
“Small businesses that don’t take protective measures are particularly vulnerable targets for cybercriminals,” Genachowski said. “With larger companies increasing their protections, small businesses are now the low-hanging fruit for cyber criminals.”
Simple measures can go a long way to prevent cyberbreaches, he said. These include securing WiFi routers; encrypting data; installing anti-virus and other security software; and training employees.
But many small businesses continue to lag in these areas, the Zogby survey found. Seventy-seven percent of respondents said they don’t have a formal Internet security policy and 49 percent said they don’t even have an informal policy. Nearly half said they don’t offer their employees Internet security training, and only 52 percent of small-business owners said they have a plan for keeping their networks, data, and computers safe.
Genachowski said the new FCC website aims to narrow that gap by giving cash-strapped small businesses the resources to coordinate their approach to cybersecurity.
“We know that hiring cybersecurity experts is costly,” he said. “This tool will be of particular value for businesses that lack the resources to hire a dedicated staff member to protect themselves from cyberthreats.”
The survey was conducted online from Sept. 9 to 21. It included 1,045 small-business owners and has a margin of error of plus or minus 3.1 percentage points.