Thursday, July 3, 2008

Small Businesses Are Not Immune From Attack

Large businesses have long known that they are targets for malicious attackers and have taken proactive steps to prevent intrusions.

A common misperception among small businesses(*) is that they are safe from attack. Statements like “who would want to attack us” or “we don’t store information anyone would be interested in” are often what the owners and managers of small businesses think to themselves when it comes to Internet security. They assume they are safe because “we have a firewall in place and our IT guys said we were ok”. Nothing could be further from the truth.

The reality is that random IP scans go on all day long with the attackers looking for nothing more than an easy target. Aside from purposeful, targeted attacks perpetrated by criminals, random trolling for unsuspecting targets make up the greatest percentage of attacks. It’s not so much that businesses fail to take Internet security seriously, but that they don’t really have a handle on where their vulnerabilities lie. Additionally, IT staff (if there is one) are too busy putting out the daily fires to really take the time to fully understand and appreciate where they are vulnerable.

The solution is simple. Engage a qualified, certified third party to conduct a vulnerability assessment and penetration test. Using a combination of open source, commercial and self-developed tools, these security professionals will assess your environment and make specific recommendations to “close the doors” and ultimately provide a disincentive for malicious attackers from choosing you as a target.

(*) Businesses with revenues under $50m.

No comments: