There’s an old story about two friends hiking in the woods that happen upon a hungry mountain lion. The friends turn to run with the mountain lion hot on their heels. One friend turns to the other and states the obvious fact that there is no way they are going to out run a mountain lion. The other friend smiles and says, “I don’t have to out run the mountain lion, I just have to out run you”.
Everyone knows that cyber crime is a growing problem among American businesses. However, there’s a misconception that bigger businesses are a juicier target and have more risk of being attacked. This couldn’t be more wrong.
Most small businesses are less sophisticated in their security defenses. They are opting for free AV software and generally don’t employ security policies that seem restrictive. This is natural, since most small businesses are more focused on surviving an executing the business than investing in security. The problem is that to a predator looking for a meal, small businesses are easy prey.
A recent article in the Wall Street Journal points out the fallacies of depending solely on a traditional definition based approach to protecting endpoints and your business from attack. In the article a specific small company thought they weren’t a target because they only had 100 employees and didn’t make enough money to draw the attention of cyber-thieves. Unfortunately out this company was taken for $1.2 million by an enterprising hacker with a new, zero-day vulnerability to exploit. His new vulnerability wasn’t detected by anti-virus vendors that the company was running. These zero day threats are going to become more of the norm.
If you’re a small business it’s time to start running faster and to look like a less juicy target. Look for ways to augment your anti-virus client to include things such as application whitelisting and other more simple, proactive controls to combat zero day threats, and deal with today’s changing cybercrime landscape.
Doing small security things like that could save your business.