An overarching theme of the report reveals that SMBs around the world (and particularly in North America) believe they are too small and pose too little value to hackers to be worth their time, but recent trends in hacker and cybercrime activity reveal that’s just not the case.

In reality, SMBs’ limited resources, inadequate security, and lack of technical expertise make them more vulnerable to cyber attack, and hackers are taking notice.

Jeff Green, Senior VP of McAfee Avert Labs confirmed, “High profile attacks [on larger enterprises] are becoming less frequent because they are often detected quickly. Attackers are favoring stealth attacks that quietly infiltrate systems [of small and medium businesses].”

To change this trend, small and medium-sized organizations will need to make significant shifts in their fundamental values and budgetary allocations.

Today:

• 52% of SMBs believe they are not well known enough to be a target for cybercrime
• 46% believe hackers could not make any money by accessing their information
• 45% of SMBs think they hold little value to hackers
• 44% believe cyber crime is an issue for larger organizations
• 35% of SMBs are not concerned about being a target of cybercrime
• 34% don’t think their information has value outside the organization

As a result, an alarming number (74%) of  SMBs allocate three hours or less each week to IT security, and half of all SMBs surveyed feel adequately protected by default settings on the IT equipment. The effects of these lax standards are dire resulting in stolen data, downtime, decreased productivity, non-compliance, lost sales, and a tarnished reputation.

Businesses in this space typically experience a week of downtime trying to recover from a cyber attack, and real, out of pocket costs hover around $41,000 per incident.

So what’s a small business to do?

“Get ahead of the hackers. Take every step you can to prevent security breaches by partnering with organizations that specialize in security for small business,” advises FireHost Founder and CEO, Chris Drake. “We provide resources and expertise required to do business securely online, and FireHost helps SMBs achieve higher security levels for less money than they might spend taking on the challenge alone.”

Cyber Criminal Technique #1: War Driving

War driving means “cruising” for WiFi signals. Once detected, cybercriminals use FREE password-breaking software to intercept the signal broadcasting from any home or business.

Monitoring WiFi networks over time, cyberthieves can establish a virtual private network and connect directly to a server or database.

Cyber Criminal Technique #2: SQL Injection

SQL injections are a popular way for cybercriminals to get inside “protected networks”. In a SQL injection attack, the hacker types random characters into a web form, such as a log in page. The attack may be carried out manually or using a robot to penetrate the form. Once inside, hackers can gain access to databases containing sensitive, personal information.

War driving and SQL injection attacks are the means to a cyber criminal’s end. Once the target server is breached, he or she implants a “sniffer” program. (Sniffers are widely available for free, and they are capable of logging all traffic moving across a network). Savvy hackers have devised and sell sniffers designed specifically to detect and record credit and debit card information.

Wade Baker, Verizon Business’ principal researcher told USA Today, it takes five to six months (on average) before companies detect cybercrimes of this nature. In the vast majority of cases he has researched, cyberthieves spent days after the initial breach to locate databases with the most valuable information, then methodically extracted the sensitive data for weeks or years before being detected. He warns, “Many organizations right now have breaches they don’t know about and won’t discover for some time to come.”

The Identity Theft Resource Center (ITRC) has investigated about 400 incidents consisting of over 220 million exposed records so far this year. The list of victims proves that lengthy and destructive breaches are not reserved for global enterprise. SMBs, particularly businesses that provide retail, financial, and healthcare services are prime targets.

“The highly available and free nature of the tools necessary to carry out war driving and SQL injection attacks means novice hackers are capable of producing devastating breaches. Achieving PCI Compliance and partnering with a hosting partner that provides security will help prevent you from making the ITRC’s list,” advises Chris Drake, CEO and Founder of FireHost.

A lack of threat awareness is not the problem. The study shows that almost all businesses in this category have installed anti-virus programs and kept security systems up to date, but a large number of SMBs still become victims of cyber crimes. When disaster strikes, viruses (41%) followed by spyware (26%) are most often the cause.

In a conversation with SC Magazine, Luis Corrons, PandaLabs technical director suggested, “these companies often lack the in-house staff and resources to fight off increasingly sophisticated and exponentially more targeted Internet attacks.”

The study’s results support Mr. Corrons claim that SMBs are not or able (or willing) to allocate the appropriate resources to close vulnerabilities and properly secure their environment.

• 52% of survey respondents have no web filtering solution
• 39% are untrained/unaware of IT threats
• 29% have no anti-spam solution
• 22% are without anti-spyware technology
• 16% do not have a firewall

So what should small and medium size business owners do?

Network vulnerability scans provide extremely high value. A thorough scan of your website(s), database(s), and application(s) can identify disasters waiting to happen. With a starting pricepoint around $100 each, vulnerability scans provide SMBs an affordable way to identify open ports, SQL injections, cross-site scripting (XSS) attempts, holes in JavaScript and web forms, and much more.

Steve Hawkins, Raytheon’s VP of Information Security Solutions, told FoxNews.com that there are more than 30 different job descriptions available, and applicants must pass the most stringent security clearances. Qualified individuals must understand computer systems and have a handle on the interaction between hardware and software down to the nitty-gritty. Additionally, applicants should know how the adversary [ cybercriminals ] thinks and adopt their perspective, but in an ethical way.

Raytheon isn’t alone in the movement to beef up the US cyber army. The Center for Strategic and International Studies recently kicked off a nationwide talent search for high school and college students to encourage cybersecurity as a career path.

Aptly named, the US Cyber Challenge has set out to find 10,000 young Americans interested in becoming cyber guardians and cyber warriors. The program will nurture and develop participants’ skills and provide access to advanced education.

“We’re glad to see online security become a public concern. These competitions and recruitment activities reinforce our core belief that everyone is entitled to maintain an identity online without the threat of being hacked or defaced. Having more qualified individuals working to make the internet safer is only going to make our secure hosting services more effective,” states FireHost CEO, Chris Drake.

There are four million British identities for sale according to a weekend story from the UK’s Times Online. The compromised data contains highly sensitive, personal financial information like credit card details, bank account numbers, and PIN’s, and it’s all available to the highest bidder.

You may be wondering how such a large bounty of confidential information was collected, and what organization is responsible for the massive data breach. The startling answer is that no one is directly responsible for the leak; it appears everyday email users like you divulged their digits to these hackers.

“Most of the personal data has been gathered as a result of phishing. Unsuspecting victims hand over the information by e-mail to people posing as reputable sources such as banks or online stores. Other data has been stolen after criminals infect a person’s personal computer with viruses and then raid it for information,” the story states.

The truth is, you are the key component in protecting yourself from phishing attempts. Being smart, web savvy, and even leery about requests for personal information that show up in your inbox can help keep you protected.

In addition, there are sophisticated, spam-protection applications and appliances that can eliminate the bulk of the work for you by “sniffing out” phishy emails and preventing them from reaching your inbox.

The benefits of spam protection are two fold. Flagging and quarantining potentially dangerous email will make checking your email a more pleasant experience, and removing spam from your inbox can reduce the potential for having your identity ruined.

To learn more about FireHost’s unrivaled spam protection and other online security services, visit our secure web hosting add-ons page.