Hacking one network to access another, more lucrative network is a common hacker tactic.
Increasingly, the first network to be hacked likely belongs to an SMB. When an SMB is networked with a larger customer, a vulnerability in the SMB's network might translate to a vulnerability in the customer's network. By hacking an SMB, a hacker learns how to get into the customer's network, what that network can do, and any access credentials and procedures. Hackers can lurk for as long as they like, looking all the time like an authorised supplier.
Online retailers with a database of credit cards could see those details stolen thanks to a virus or Trojan horse that infects a delivery company, manufacturer, cloud-CRM supplier, or any other company in their supply chain with access to their IT network. The hackers don’t have to act immediately. They can wait until the Boxing Day sales, for instance.
That means SMBs’ IT security is coming under more scrutiny from their large enterprise customers. SMBs are also likely to see security operational conditions show up in their partner contracts. Failing an IT security test could mean not getting (or losing) a contract—and not just an IT-based contract.
The customer will want the right to show up for unannounced network, software, and facility spot checks. Naming and shaming is also likely. It’s in the larger customers’ interests to let partners know when one of their number has been caught with inadequate security and terminated.
Customers might also expect the SMB to agree to be held liable if a breach is traced back to it.
So far, enterprises looking closely at their supply chain and small business partnerships aren’t always liking what they find.
Kaspersky Lab’s Global IT Security Risks Survey found:
- There has been an eight percent fall in the deployment of anti-malware solutions on mobile devices.
- 44 percent of businesses don’t have a fully implemented security solution.
- 52 percent of respondents think that their organisation needs to improve its incident response plans for data breach and IT security events.
Only 54 percent of respondents said they were sure senior (non-IT) personnel within the organisation have a good understanding of the IT security risks their companies face. That is not an encouraging sign when 90 percent of businesses have experienced some form of external threat.
One thing cautious enterprises are likely to be asking themselves is whether the leadership teams of their suppliers have made security a priority. Finding out those teams aren’t even aware of the scale of the problem will not reflect well.
The first job an SMB’s IT professionals face might be one of internal education.
Reach out for help.
Our range of network security products and knowledge is aimed at increasing network visibility and providing your network with perimeter protection, intranet security, and protection from application-level attacks. Reach out to Commandacom to review your level of security before it's too late.