10 REASONS WHY

Top 10 Reasons Why the SBE is an ideal target for an attack

  1. The Attacker doesn’t care about your company size, name, or income. He/she seeks exploitable computers by their IP addresses so that the attacks can be automated with software tools.
  2. SBE’s are Easier Targets due to Poor Defense-in-Depth strategies. The typical SBE does not allocate the time or resources to create good defenses, as do the large companies, making the SBE much easier to exploit.
  3. Low awareness. Most SBE’s are not aware of the level and sophistication of Internet threats, not aware of their own vulnerabilities and need for more protection than an Anti-Virus system.
  4. Inadequate, cost centric solutions. Being ill informed, the SBE often selects the minimum cost security solution with minimum security features, and no update processes to preempt new ways to attack. These solutions are often simple NAT devices marketed as complete firewalls.
  5. In-sourcing. Many SBE’s stretch the responsibilities of their cost-effective IT resources to cover security as they see fit. These resources are typically not properly trained or experienced to address the complexity and sophistication of good security solutions.
  6. Poor Internet Content Control and Management. SBE’s usually allow their employees considerable latitude in the interaction with the Internet without managing the content of, or the access to risky, non-productive sites.
  7. Thinking insignificant. Many SBE’s perceive themselves to be too small or their data too unimportant to be a target. To the hacker, however, it’s a game and any successful exploit is a win regardless of who is victimized.
  8. Internet Exposed Applications. The SBE typically makes good use of Back Office applications such as E-mail, Web Servers, Terminal Server, and Citrix Server that are vulnerable exposures to the Internet.
  9. No defined Network Security Policy. SBE’s frequently lack a defined Network Security Policy and the enforcement of this policy. This greatly increases the invitation for, and likelihood of, a successful breach or exploit.
  10. High need for Tangible proof. SBE management is often overly skeptical about benefits of Internet security, and is reluctant to take preemptive action until the business is targeted and suffers significant loss.

References

  1. Rowland, Carolyn. “Selling Security to Management in a Low-Risk Environment”
    www.giac.org (27 April 2003)
  2. Jeff Herbert, “Introducing Security to the Small Business Enterprise”
    www.giac.org (28 April 2003)
  3. AllState Technical Services. “White Paper on Information Security Auditing / Implementation Procedures “. November 2002.
    www.allstatestech.com (27 April 2003)
  4. Larkin, Judy. “Strategic Reputation Risk Management”. ISBN: 0333995546

Security is a process
not a product.

Bruce Schneier, internationally renowned security technologist and author.

ManagedNetworkSecurity.com
 
2140 E. Southlake Blvd
Suite L-720
Southlake, Texas 76092
866.822.2238 phone
866.822.2299 fax

Our Value

  • Highly credentialed security professionals
  • Specialists in healthcare and financial regulatory requirements
  • Perpetual technology upgrades for relentless protection
  • Affordable solutions with no up-front cost

Site Map | SecurSite | SecurScan | SecurSurf | SecurInspect | SecurChannel | Privacy Policy
© 2004-2006 Managed Network Security - All rights reserved - ManagedNetworkSecurity.com® is a registered trademark