30% of SMEs have no data security, says study
More than half of smaller businesses do not think they are at risk of cybercrime, with many having no protective measures in place, according to shock results of a survey cited by infosecurity firm Avast.
Three in ten of the 1,250 SMEs surveyed by Digital said they had no cybersecurity, with nearly 60% believing they are “too small” to be targeted by threat actors – a notion shown to be false by the recent resurgence of the DeadBolt ransomware group.
Avast agrees that SMEs – classed by Digital as businesses with fewer than 500 employees – need to jettison the mythical idea that they will not be targeted by crooks online.
“As we have written about numerous times in past blogs, this is just not true,” it said. “Everyone has some customer and other business-critical data that can be valuable on the dark web for some bad actor. It could be just customer emails or include credit card accounts or social security numbers.”
Other SME facilities that might be targeted included web servers, online bill paying services, and instant messaging.
“All of these could become compromised by a determined adversary, and that could spell disaster,” said Avast, adding that the flagrant lack of concern applied across smaller enterprises in both the digital and conventional “in-person” businesses spheres.
This complacency is all the more worrying given that around one in eight businesses admitted that they had fallen foul of a cyber attack, with customer data often stolen or compromised.
Less than a third ran regular data backups or made use of secure networks, with nearly a quarter of small firms complaining that having cybersecurity measures was “too expensive.” Around one in twenty even believed reports of cybercrime were “overblown.”
More from Cybernews:
Subscribe to our newsletter