Half of Brit small biz hit by cyber crime. 10% spend zilch on infosec Almost half (48 per cent) of Britain's small businesses were hit by cyber-crime in the last year, with 10 per cent targeted many times. Despite this only one in five see cybersecurity as a business priority, and just 15 per cent are confident that they have adequate measures in place to prevent cybercrime, according to a …
"SMEs need to realise that they’re a target of DDoS, hacking and malware attacks just like bigger firms."
Unfortunately SME's don't have the big bucks like the bigger firms. Either the bucks for large(r) highly skilled IT teams or top end AV (if it's even worth it these days). And then there is the UTM's and the inevitable license/subscription attached to both which pushes the cost per "meat-in-a-seat" higher and higher.
Agreed.
With all the overheads that come with Cyber Security I can see why most people don't bother.
We had a consultant who came in (reluctantly on my part) and said after our 2 hour meeting that our barely eligible scribbles on the A1 meeting room pad needed disposed as they were a security risk. That's where your money is going.
Our company laptops are so bogged down with AntiVirus and preventative measures that most people have stopped using their company laptops and use their company phones and webmail on personal laptops instead.
There is a definite need for it, but it seems certain now that "Cyber Security" has become one of those dreaded buzzwords.
I find arrogance in SME's to be a big barrier...not only for Cyber Security but pretty much anything.
I did some work on a charity website recently. I wont name names here. The project was dooned tobfail as the Operations Director...a hard nosed bitch who is also an activist and a hard line feminist...couldn't grasp that what she was asking me to do was either technically impossible on their £6 a month hosting or highly retarded.
I got a lecture about their on house design expertise and her long standing experience in the industry.
I did some digging and found out that she has only ever worked at this charity and started there when she was in her early 20s. She is now in her late 20s.
A liability to be sure. The lecture she gave me was hilarious...I personally have web design experience going back to 1994...ive been through everything...seen all the trends...etc...you guys are probably the same...anyway Ibwas first told "we know whatvwe're doing we've been on a training course" and "it must be you the images we're sending look fine to us".
To clarify Ibwas asking for images 720 pixels by 120 pixels at 72dpi saved as PNG files. Or something to that effect.
I was getting either raw uncompressed and uncropped photographs or farting little GIFs about 10% of the size I needed.
I couldnt crop the images fornthem as they didnt want me to have any creative control.
I have an email chain the length of Linford Christies cock repeating my requirements over and over as well as explaining why the images they sent me were wrong.
This is not an isolated incident. A lot of Small Business directors get confused between "the vision" and "the business".
Once you've launched and are turning over some dough you need to reflect on your original idea and adapt according to the new facts you have learnt about your market. If you blindly follow "the vision" without wavering even slightly you will fail.
Bottom line, SMEs are generally chock full of arrogant self angrandising wankers who think they know better.
This post has been deleted by its author
I think the reason that the uptake is so low is that nobody can make a good financial case for additional security.
It's all very well bringing in someone who'll wave their arms in the air and scare you with apocryphal stories that don't have enough detail to be useful. But when it comes down to it, these SMEs will ask the following:
* What will it cost me?
* What financial savings will I make ?
* What guarantees can you give me?
And, like all things to do with IT security, there are no solid, consensus numbers. No formula. No certainty. So there will always be some companies - usually the ones that have suffered a major incident - who will be receptive, most will have more pressing, tangible, objectives for their budgets.
This report does not surprise me at all, nor do the comments above.
Being an IT integrator focused on Security, we attend about half a dozen sites a month that have not implemented an acceptable level of security and have been exposed to some type of attack/infection etc.
With regard to the comments above, it doesn't cost a fortune to get to an acceptable level, the threat landscape is a moving target that needs regular review.
There are NO guarantees. Period. You can't stop your house from being burgled, but you shouldn't leave it exposed either.
Our industry is FULL of people who don't know what they are talking about, but hopefully after 30 years I have at least got a grasp of it, but there's still a lot to learn.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
