SMBs Can Potentially Compromise Enterprise IT Security: Cisco Report

Enterprise organisations don't just do business with each other. They often procure goods and services from SMBs. But these partnerships with SMBs could compromise their IT security, according to a report by networking vendor Cisco.

Sleep picture from Shutterstock

In the Cisco 2016 Annual Security Report, enterprises are shown to be struggling to combat the cybersecurity threat posed by attackers using advanced methods and tools. Direct attacks by cybercriminals using ransomware alone earned them US$36 million a year per campaign, so companies have every right to be concerned.

There are several factors that stifle the ability for enterprises to protect their IT assets including aging infrastructure that isn't being upgraded, archaic organisational structures and outdated security practices. But one interesting finding that came out of the Cisco report is that SMBs could be a potential weak link that can compromise the efforts of large organisations to keep their IT safe.

According to the report:

"As more enterprises look closely at their supply chain and small business partnerships, they are finding that these organisations use fewer threat defence tools and processes. For example, from 2014 to 2015 the number of SMBs that used web security dropped more than 10 percent. This indicates potential risk to enterprises due to structural weaknesses."

Having said that, SMBs are attempting to improve their security posture, with the limited resources they have, through outsourcing. In fact, companies of all sizes have been increasingly keen on outsourcing services such as security consulting, auditing and incident responses.

The Cisco report also showed that nearly 92 per cent of "known bad" malware was found to use DNS as a key capability, and has labelled it a security "blind spot" since security teams and DNS experts generally work in different IT teams in organisations and don't usually don't talk to each other.


Comments

    Maybe SMB's are reducing the need for over-the-top security tools by:
    a) teaching their staff not to be n00bs
    b) getting rid of the n00bs

    Come on guys, At least read your headlines (and articles) out loud before putting them up. Your headline makes absolutely no sense. I think you have even published articles on how to avoid this stuff...

      Sorry about this. Sometimes we make last-minute headline changes and this is what happens. No excuse and we have taken your feedback on board. All fixed now.

Join the discussion!

Trending Stories Right Now