Payment data theft: There’s no such thing as too small to be hacked!

By Jean-Frederic Karcher, Head of Security, Maintel

If you think this statement isn’t true, then think again. Unfortunately, no business is too small to be hit by a cyber-attack or data breach, according to the findings of a Ponemon Institute study focused on the cybersecurity threat to small and medium companies (SMBs). Small and large businesses alike are struggling to meet their need for better, faster, more cost-effective cybersecurity.

In fact, 55% of respondents said they’ve experienced a cyber-attack in the past 12 months, and in the UK, 60% of companies from this study had experienced a data breach during the past year. This is due to the fact that many small businesses don’t have the resources or technical know-how to protect their confidential records or payment card data against theft.

At the same time, the threat landscape is becoming ever more unmanageable. Again, according to a 2016 Ponemon Institute© research report*, improved hacking tools have made it easier, faster, and less expensive for hackers to execute successful targeted attacks against companies. And unsurprisingly, targeted, persistent attacks are on the rise. There is a huge focus from criminals and organised cybercrime gangs to develop and deploy targeted, complex malicious software — such as Dridex and Dyre, which are aimed at emptying consumer and business bank accounts in the UK and elsewhere. Unfortunately, today’s cybercriminals are well financed and have an organisational capacity that rivals Fortune 500 companies.

In another report released in July, the UK National Crime Agency (NCA) warned that cybercrime has now surpassed all other forms of crime in the United Kingdom. According to the NCA, cybercrime emerged as the largest proportion of total crime in the UK, with “cyber enabled fraud” making up 36 percent of all crime reported, and “computer misuse” accounting for 17 percent.

In July this year, the Payment Card Industry Security Standards Council (PCI SSC) decided to put more focus on small business payment security, launching resources specifically designed for small businesses. With simple diagrams and everyday language, the resources provide a common point of understanding between merchants, their banks, and their service providers on why and how to protect against payment data theft.

It is fair to say that organisations across the globe are turning to accredited managed security service providers (MSSPs) like Maintel to protect their communication estate, fill their technical security needs and address the security regulation questions, such as PCI DSS for merchants and online retailers.

These firms offer security hardware and expertise as an operating expense, which provides businesses of all sizes a cost-effective, amortized security solution; and they can also support a very large share of the standards’ requirements as soon as they are themselves certified. 

Additional benefits of MSSPs include:

  • Enabling your IT department to focus on their core competencies: A managed service approach allows companies to meet the breadth and depth of security needs while maintaining IT support across other areas of the business.
  • Reducing issues with obsolete technology: Capital expense is another costly component to securing the enterprise. Security technology changes fast. As network speeds increase, so do firewall performance requirements, creating a hardware arms race that is costly and difficult to maintain. Through an MSSP, you can upgrade hardware as needed without excessive capital expense.
  • Accessing top security talent how and when you need them: Due to their specialization, MSSPs are in a position to provide highly skilled engineers, properly configured technology, and around-the-clock monitoring and management to mitigate risks.
  • Meeting regulatory compliance with professional help (PCI-DSS, ISO 27001): MSSPs commonly specialize in meeting various compliance regulations for the protection of customer data, and can guide you through the process and how it affects your business.

So if you’re worried about cybercrime (and you should be) and about making sure your organisation is effectively covered, why not talk to Maintel about ICON Secure, our managed security service, delivered from the cloud for a cost-effective monthly fee?

*Flipping the Economics of Attacks, Ponemon Institute©, January 2016