SMALL business or companies are just as likely to be targets of cybercrimes as larger companies because their networks can be hijacked to be used for other malicious activities.
According to Shamsul Bahri Hj Kamis, CEO of cybersecurity firm ITPSS Sdn Bhd, large companies or organisations have bigger data and more complex infrastructure and may be more vulnerable as a result. However small companies are also liable to be target if they are part of a supply chain of bigger organisations or if they store users data.
“This is related to our previous experiences that most small organisations, not just globally but also in Brunei,” he said.
Shamsul said that companies believed that they may not be targeted by cyber-criminals because they are small enterprises.
“They think that, because they are only a small company with a few people, no one is interested in them, so they do not invest in their online security,” he said.
Shamsul said that in the physical world, if someone breaks into an unsecured home and takes a weapon to harm others in your neighbourhood, it is a visible and immediate effect, so people do take care to secure their homes.
“However, in the cyberworld, they still think, so what if my website is affected or my webserver is hijacked?,” he said.
A hijacked network may not directly hurt your business, but Shamsul said it can be used to harm other people’s IT infrastructure.
“It might be used as a lauchpad for attacks or used as part of a bot-net,” he said. A bot-net is network of computers usually infected with malicious programmes to launch spam, computer viruses and other similar activities.
Shamsul disabused notion that companies or organisations are only responsible for their own security and would only be affected by security issues generated by their own assets.
“Business processes span more than just the organisations’ systems. If any of these are affected, others would also be affected down the line due to the interconnected nature and evolving threat landscape they are operating in,” he said.
Shamsul said that the challenge is how small companies will justify any measure they could or might take in order to secure their information infrastructure because it affects their bottom line.
“I think that is the biggest challenge,” he said.
He said that cloud computing could be a solution if companies have the right providers.