Identity Management – Is the Threat of Cyber-Security a Greater Risk to SMEs Than Larger Corporations

Recent statistics have highlighted that UK businesses are subject to as many as 1,000 cyber-attacks an hour due to a lack of identity management within their workforce. Yet have you ever wondered which businesses are suffering the most. Which UK businesses are more likely to be a target for hackers? Most people mistakenly assume it’s the large corporations with the most valuable assets and information, but statistically it’s SMEs who are suffering indiscriminate attacks from hackers. According to Alan Woodward, professor of Computing Science at the University of Surrey, businesses employing a few hundred people or less are most at risk from hackers.

Prof Woodward believes that these smaller businesses are at risk because they are not taking the necessary security precautions: they feel that any information they may hold will have little hard cash value to criminal gangs, so they fail to take steps to insulate themselves from attack. However, this is misguided in his opinion. Even the smallest business can hold information that could prove to be a sellable commodity to criminals: customer names and addresses, credit card details and designs vital to an innovative start-up will all have considerable value on the criminal market.

He believes there is mounting evidence that small businesses could in fact turn out to be the UK’s Achilles heel in terms of cyber-security. These small businesses may not fully realise their value, but they are in fact the foundation upon which the economy rests: if they are destabilised by hackers and crash, then there’s a likelihood that everything else will come crashing down along with them.

So how serious is the cyber-threat to small businesses? Over the course of the last 12 months a number of surveys have been published suggesting that over 60 per cent of small businesses have suffered some form of malware attack, principally because they don’t have the funds to employ skilled IT professionals to safeguard their servers, unlike larger corporations. Yet it is possible to protect servers from cyber-intrusion even by employing the most basic security precautions, so this clearly demonstrates how poorly prepared most small businesses are for the eventuality.

In fairness most small businesses are run by entrepreneurs, not security experts and may not always have the correct identity management procedures in place.  Even those who recognise the threat of cyber-intrusion often view the threat as more of a remote possibility, so it ranks low on their list of priorities. Unfortunately the surveys would tend to suggest that 20 per cent of SMEs only become concerned about cyber-security issues after they have experienced an intrusion. More worryingly, one report indicates that 10 per cent of small businesses would have absolutely no way of knowing whether they had experienced a successful attack or not.

So are hackers simply targeting small businesses for the information they may hold, or are fishing for a bigger catch? Cyber-criminals recognise that smaller businesses can often be a way of reaching onward to the larger firms: hackers can get a foot in the door of larger corporations by targeting small businesses in the supply chain. Obviously it makes sense for the hackers to target the weakest link in that chain. If you consider that the supply chains of some of the largest, hyper-connected international corporations can run into tens of thousands of smaller companies, then there are countless weak links for the hackers to target.

As smaller businesses feed the larger businesses, those larger businesses are becoming acutely aware that potentially valuable assets and intellectual property could be at risk somewhere further down their supply chain.

So small businesses wishing to join large supply chains have to be able to demonstrate that they can protect the intellectual property entrusted to them enforced through identity management, and that means they cannot put off the issue of cyber-security any longer. This has now become a major issue for small businesses. Many larger corporations who disseminate valuable intellectual property to large distributed supply chains, track and audit who has access to what data. If they discover that a leak has come from one of the smaller businesses lower down the chain, then they will dispense with their services. So SMEs will therefore need to seek expert advice from intrusion protection specialists to ensure that they are able to protect their own and their client’s valuable data.

Click here to find more information about Whitehall Media’s Identity Management conference.