The Perfect Storm – Hackers eye on SMB

Managed Service Providers to the Rescue…

Every organization would be thrilled if it could scratch its name from tomorrow’s Hurricane of Data Breaches. Unfortunately, small-midsize businesses (SMBs) are finding themselves on the coastline of a data breach storm. Let’s face it: generating revenue is the priority. When it comes to IT security and compliance, most do not have a dedicated or experienced IT professional on staff they can rely upon.

Scan results (March 2014) from thousands of SMBs around the globe showed that the average desktop had 210 vulnerable entry points, mostly from outdated third-party apps such as Adobe, Java and popular browsers.

Figure 1. Desktops storing unprotected PII data

Furthermore, 96% of these vulnerable desktops exposed unencrypted cardholder and/or social security data at rest, putting their business at risk. We predict this is only the eye of the storm or the calm before additional devastation occurs.

There are now over 10.8 million North American small businesses tasked with meeting either PCI or HIPAA internal scanning requirements. This includes everyone from Tony’s Tacos and Dave’s Bike Shop to your local dentist, all storing our credit card data, among other forms of our personally identifiable information (PII), at risk.

When we review the business operations of SMB owners, we find that their business plans never embraced security as a cost center, much less the skill sets needed to protect and secure. In fact, when SMBs historically sought solutions, they ended up accepting the risk because of price, the complexity of the solution, or a belief that they were too small to be in sight of the storm.

Data thieves and hackers know that SMBs have weaker defenses while storing a monstrous volume of valuable PII.

Figure 2. APT Data Breach example

Over the past several weeks, we demonstrated how data breaches occur to managed service providers, who are tasked with safeguarding and assessing the endpoints of these at-risk businesses. The largest growth area for targeted attacks over the past few years is businesses with fewer than 250 employees. This is bad news for SMBs without a means of identifying their security posture.

The good news is that most MSPs utilize remote monitoring and management (RMM) tools to service SMBs, removing the barrier of expensive appliances and complex software. iScan Online’s integration with popular RMM tools such as Kaseya, LabTech Software, LogMeIn and others now enables the MSP to deliver security and compliance scanning to thousands of SMBs across the globe, regardless of their location.

The lack of security and protection of PII data threatens all of us, not just the business. Without a doubt, iScan Online, MSPs and our technology alliances are making an impact on what is before us: the Perfect Storm of security incidents and data breaches.

Avoid the perfect storm by identifying unprotected data at rest before an incident occurs. To know what you don’t know is a powerful step to prevent data theft.

*** This is a Security Bloggers Network syndicated blog from iScan Online Blog authored by Billy Austin. Read the original post at: