Hackers targeting SMEs because of their ‘bigger business’ connections

Hackers aren’t just targeting SMEs because they are deemed easy targets, they’re seen as gateways to even more lucrative companies.

SMES are increasingly being targeted by hackers because of their connections to bigger businesses, Zurich has warned.

According to a new report from Zurich, Global interconnections of cyber risk: impact on small and medium-sized enterprises, while new technologies can enable SMEs to become more competitive and enhance their customer service, it also brings new cyber security risks, which tend to be overlooked but can lead businesses on a path to ruin.

Zurich’s head of financial lines in Australia and New Zealand, Marc Luginbuehl, said the problems do not end there: “An additional problem that is revealing itself is that hackers are now often targeting an SME not for its own value, but because of its connection to bigger business which may be relying on the SME for something critical to its operations.”

The report finds that the number of SMEs using cloud storage technology continues to rise as acknowledged by the Australian Government following the release of a Cloud Computing Guide for small business. Recent MYOB statistics also show small businesses using cloud services were 106% more likely to see a revenue rise in the past year than businesses not using cloud services.

Luginbuehl said: “It's never been more valid than now to remind SME's that, while they should investigate and potentially embrace emerging technologies such as cloud storage, it would be remiss of them not to take great care to understand and mitigate the unique risks that can arise from their implementation."

The warning to SMEs is directed at owners, risk managers, corporate executives, board directors and government officials, which the report says are generally “not prepared” for the internet of tomorrow.

Luginbuehl says solutions for business owners and CEOs include periodically meeting with line staff and managers to examine how cloud-service companies, as well as other parties such as outsourcing partners and suppliers, might expose the company to risks.

“For the best results, combine this with regular drills for detecting cyber breaches and developing formal procedures on how to respond to any disruptions, as well as reviewing the company’s access to its client’s systems and the client information kept in the company systems,” he advises.

Other recommendations for SME’s include improving cyber security, shifting mentalities from protection towards resilience, and have owners or CEOs step up in the risk management stakes by making time to better understand the technologies that their company relies upon.

“They need to determine how these disruptions could lead them to lose important clients, or potentially even force them into bankruptcy. We should be seeing the desire of conscientious managers to further develop a holistic view on risk and well-rounded risk management approaches when exploring potential systemic cyber failures.”

“Businesses, irrespective of size are encouraged to further protect themselves from the impact of cybercrime by taking out security and privacy insurance. Care should also be given to understand the varying covers that are available in the market, there can be significant differences in what is provided with some products leaving clients vulnerable to untargeted attacks such as waterhole attacks and ransom-ware which are becoming increasingly common," he adds.