InfoSec 2013: Government Promises £500,000 Cyber Aid For SMBs

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

SMBs are getting battered and the government wants to help with little pots of money

The government is attempting to address concerns from small and medium-sized businesses (SMBs) that can’t protect themselves from cyber attacks by offering small packages of money to bring in outside assistance.

Today, as the InfoSecurity 2013 conference kicks off in London, the UK government said its Technology Strategy Board would extend the Innovation Vouchers scheme, which will let SMBs bid for up to £5,000 from a £500,000 pot to use for outside assistance in beefing up security.

Earlier this month, Symantec noted how SMBs were increasingly getting breached by Internet-enabled attackers, with many concerned about the threat of sophisticated, government-sponsored strikes.

david_willettssquareThe security giant found businesses with less than 250 employees were now the target of 31 percent of all attacks. They’re an easier target than larger organisations, as they don’t traditionally have the same levels of security, nor as much employee education.

Vouchers for security

“Companies are more at risk than ever of having their cyber security compromised, in particular small businesses, and no sector is immune from attack. But there are simple steps that can be taken to prevent the majority of incidents,” said minister for universities and science, David Willetts (pictured).

“The package of support we are announcing today will help small businesses protect valuable assets like financial information, websites, equipment, software and intellectual property, driving growth and keeping UK businesses ahead in the global race.”

The government-backed 2013 Information Security Breaches Survey, carried out by PwC, showed 87 percent of small businesses across all sectors were hit by a breach over the last year. Many believe if all businesses knew what was going on inside their systems, that figure would be close to 100 percent.

However, much of the impact is being felt in bigger firms. The research claimed the average cost of the worst security breach for small organisations was between £35,000 and £65,000, compared to between £450,000 and £850,000 for large organisations.

Furthermore, the median number of breaches suffered was 113 for a large organisation, up from 71 a year ago, compared to 17 for a small business.

According to the Department for Business Innovation and Skills, which cited a number of case studies in support of its investment, when a mid-sized energy company suffered disk corruption in its storage area network it had to shell out tens of thousands to recover. That was largely because systems hadn’t been designed with “sufficient redundancy”.

BIS has launched cyber security advice specifically aimed at SMBs today, helping them embed security in their everyday operations, so such disasters aren’t a regular occurrence. And experts agree SMBs need all the help they can get.

SMB security woes

Wolfgang Kandek, chief technology officer at security firm Qualys, told TechWeekEurope SMBs often get caught up in “opportunistic attacks”.

“They are searching the Internet either for business or pleasure, [visiting infected websites], getting infected, losing their account credentials that way… that is their biggest challenge,” Kandek said.

“There is maybe an absence of security, or security education.

“We think the main attack vectors are in the browsers and their plug-ins. Even if phishing emails come in, they typically go through the browser and try to download malware.

“So getting the browser and plugins up to a good standard is the most basic thing you can do [to protect yourself].”

What do you know about Internet security? Find out with our quiz!