SMBs have become the primary targets for hackers

Small and medium-scale businesses (SMBs) are striving for an online presence to provide a better and easier service to their customers. But the bad news is that SMBs have become the primary target for hackers. Using spearphishing and brute force techniques, hackers are breaking through the unsecured shields of SMBs. Read on to know how and why SMBs are now the main target for hacktivists.

We all know that in India, any enterprise or business whose investment lies between Rs 25 lakh and Rs 10 crore can be considered a Small or Medium enterprise, or SMB. According to a survey, there are as many as 10 million SMBs in India, including the IT sector. Long back, I read news that only 5 to 7 lakh of them have an online presence, i.e. a website. I felt sorry for the critical situation of Indian businesses. But to my surprise, recent reports from Symantec stated that hackers concentrated more on SMBs and attacks increased to more than 72% from the year 2011. Earlier, hackers used to target pornographic and gambling sites, but now they have changed their game to SMBs, where security appeared much easier to break down.

The majority of small and medium enterprises spend less than $300 per year on their security management. Compared to the previous year's reports, attacks are increasing exponentially and not less than 30k websites are being hacked a day. Most of the attacked businesses fall under the category of SMB, and the most common way used to steal their data is SQL (Structured Query Language) injection. So, where does the fault lie? The fact is that these SMBs mainly concentrate on expanding their business and thereby multiplying their revenue. Hackers find it simpler to attack businesses whose database and network security is neglected. Who knows, someone might already be keeping an eagle eye on your website. The attached image shows the main targets of hackers, where ATMs occupy the first place, followed by desktops, file servers and laptops.

[Image: What gets hacked most?]

Why are SMBs the main target?

Large businesses monitor everything that enters their network, and they employ high-level compliance systems to safeguard their data. As these compliance methods become a big barrier for hackers, they choose small businesses and their websites to steal confidential data, including customers' credit card numbers and accounts. SMBs also assume that they are not that popular among the web public when compared to large-scale businesses. This sort of thinking makes them believe that they are less prone to attack. Hackers also choose SMBs that are linked with high-profile, large companies and turn these SMBs into zombies for future attacks.

Choosing the server on which their website is hosted is not that difficult for a professional hacker. After a website is configured, it should be patched and kept up to date on a daily basis to avoid vulnerabilities. Many small businesses just register a domain and neglect its management, i.e. who takes care of their domain all the time. Employing two-step authentication or security codes for accessing your domains helps protect SMBs from dangerous hands. Also, most SMBs are now moving to cloud hosting so that their web presence can be more secure. However, cloud hosting still faces attacks, mainly web application attacks.

Last week, even the famous high-profile websites of the New York Times, the Huffington Post and Twitter's short URL service faced an attack in which attackers tried to control their domains. Of course, they failed to access the details, as the hack didn't last long. But some experts say that such penetration into their DNS, via a spearphishing mail which duped Melbourne IT (registrar for the above-mentioned websites), could have done a lot of destruction. So, all such high-profile websites are advised to lock their domain names with a registry lock feature available at some registrars like VeriSign., a URL shortening service which was in the target of hacktivists even changed the registrar after this incident. If such top-ranked, high-profile sites are no exception for hackers, what about small and medium-scale websites? Can they safely continue their business for years without any fear of getting trapped?

Considering all such vulnerabilities, like spearphishing and brute force attacks, I am happy that Indian SMBs are on the safe side. Of course, it's not that beneficial for SMBs to be offline because, in countries like the US and UK, 50 to 85 percent of customers expect services to have an online presence, but in India that number is less than ten. However, with as many as 137 million internet users, Indian customers will definitely need services online in the near future. So those SMBs, before getting online, should consider all such increasing vulnerabilities and establish a shield of security.

Even today, reports find simple passwords such as ordered numeric sequences, the domain name itself and words like admin. What is the difficulty in utilizing an extra 10 KB of space in our mind for a complicated password? So, managing Domain Name Servers, employing a two-step authentication process, patching websites regularly, locking unwanted services on web servers and so on can help protect small and medium-scale businesses from hackers. It is also recommended to recruit a professional security consultant or a database administrator for your business by spending a few bucks. Don't hesitate to bear the cost involved; if you are to face any attack, reconstruction of the complete network, database and fame would cost you 100 times more.
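The three weak-password classes named above (ordered numerics, the domain name itself, words like admin) can be rejected at the moment a password is set. This is an added example, not code from the original article; the domain `example-shop.in`, the extra words beyond admin and all function names are assumptions for illustration.

```python
import re

# "admin" is named in the article; the other words are constructed additions.
COMMON_WORDS = {"admin", "password", "welcome", "letmein"}
# Undo common character substitutions (e.g. "adm1n", "p@ssw0rd").
LEET = str.maketrans("@4310$5!", "aaeiossi")


def is_ordered_numeric(pw: str) -> bool:
    """True for digit runs with a constant step of +1, -1 or 0 (wraps 9->0)."""
    if len(pw) < 2 or not pw.isdigit():
        return False
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pw, pw[1:])}
    return len(steps) == 1 and steps <= {0, 1, 9}


def forms(pw: str) -> set:
    """Variants of the password to compare: raw, padding-stripped, de-leeted."""
    low = pw.lower()
    core = re.sub(r"^[^a-z]+|[^a-z]+$", "", low)  # drop "123", "!" padding
    return {low, core, low.translate(LEET), core.translate(LEET)}


def audit_password(password: str, domain: str) -> list:
    """Return the reasons a password is weak; an empty list means none found."""
    reasons = []
    if is_ordered_numeric(password):
        reasons.append("ordered-numeric")
    variants = forms(password)
    dom = domain.lower()
    # Compare against the full domain and each non-TLD label (hyphens removed).
    labels = {l.replace("-", "") for l in dom.split(".")[:-1] if len(l) >= 4}
    labels.add(dom)
    if any(lab in v for lab in labels for v in variants):
        reasons.append("domain-name")
    if variants & COMMON_WORDS:
        reasons.append("common-word")
    return reasons


if __name__ == "__main__":
    # Constructed sample passwords for a constructed domain.
    for pw in ["123456", "Adm1n!", "ExampleShop2013", "correct-horse-battery-staple"]:
        print(pw, "->", audit_password(pw, "example-shop.in") or "ok")
```

A check like this belongs in the password-change path of the domain registrar account, hosting panel and CMS admin login, alongside the two-step authentication recommended above.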
