Enterprise organisations don't just do business with each other. They often procure goods and services from SMBs. But these partnerships with SMBs could compromise their IT security, according to a report by networking vendor Cisco.
Sleep picture from Shutterstock
In the Cisco 2016 Annual Security Report, enterprises are shown to be struggling to combat the cybersecurity threat posed by attackers using advanced methods and tools. Direct attacks by cybercriminals using ransomware alone earned them US$36 million a year per campaign, so companies have every right to be concerned.
There are several factors that stifle the ability for enterprises to protect their IT assets including aging infrastructure that isn't being upgraded, archaic organisational structures and outdated security practices. But one interesting finding that came out of the Cisco report is that SMBs could be a potential weak link that can compromise the efforts of large organisations to keep their IT safe.
According to the report:
"As more enterprises look closely at their supply chain and small business partnerships, they are finding that these organisations use fewer threat defence tools and processes. For example, from 2014 to 2015 the number of SMBs that used web security dropped more than 10 percent. This indicates potential risk to enterprises due to structural weaknesses."
Having said that, SMBs are attempting to improve their security posture, with the limited resources they have, through outsourcing. In fact, companies of all sizes have been increasingly keen on outsourcing services such as security consulting, auditing and incident responses.
The Cisco report also showed that nearly 92 per cent of "known bad" malware was found to use DNS as a key capability, and has labelled it a security "blind spot" since security teams and DNS experts generally work in different IT teams in organisations and don't usually don't talk to each other.