Despite all the media attention on large enterprise data breaches such as Yahoo and TalkTalk, small and medium sized enterprises (SMEs) don’t feel that they will be a target of an attack given their limited web presence. Based on a number of studies, this is clearly not the case and, in fact, SMEs are more susceptible to an attack, as this report will illustrate.
Osterman Research’s survey reports that 71% of SMEs have suffered a security breach during the previous 12 months. Since these breaches are rarely made public, most SMEs are reticent about investing in appropriate security measures and personnel to address the risks associated with protecting their brand and their customers’ sensitive data.
Although large enterprises, once breached, offer the opportunity for a significant payout, SMEs are an easier target given their lack of security expertise, budget and personnel to understand and address the risks.
According to the Annual Security Report 2016, 22% of businesses with fewer than 500 employees do not have an executive with direct responsibility and accountability for security.
Source: Annual Security Report
Recently, Ponemon Institute surveyed 600 IT leaders at small and medium sized businesses for its State of Cybersecurity in Small & Medium-Sized Businesses report and found that 49% of businesses have experienced a ‘Web-based (web application) Attack’, and noted these attacks as the most common threat facing businesses today. Even Gartner stated that 70% of all security breaches occur due to vulnerabilities within the web application layer.
However, many SMEs tend to ignore investment in application layer technologies given the perception that their web presence is not significant enough to attract hackers’ attention. SANS Institute’s IT Security Spending Trends reports that companies still spend more on wireless security and network traffic visibility, which suggests that they still consider their network defenses the best means of protecting their sensitive data. Given that the majority of security vulnerabilities exist at the application layer, it’s imperative that SMEs start looking beyond the traditional security approach restricted to the network layer. They must have a plan to manage their web presence.
The ideal solution would be to develop and manage an in-house application security program, but given the lack of expertise and budget, this initiative is not tenable for most SMEs. With security costs going up and a dearth of cyber security talent in the marketplace, SMEs can’t compete with large enterprises to find and retain talent.
Companies need a holistic application security approach to overcome the challenges of hiring & managing trained security staff without the enterprise-level costs.
Indusface AppTrana helps achieve 360-degree web application security with detection, protection, and monitoring of web applications at a fraction of the cost of hiring an in-house team. Offered as a service, it includes web application scanning, malware scanning, defacement monitoring, web application firewall, penetration testing and remediation along with full management of the operation using subject matter experts.
Founder & Chief Marketing Officer, Indusface
Venky has played multiple roles within Indusface for the past 6 years. Prior to this, as the CTO @indusface, Venky built the product/service offering and technology team from scratch, and grew it from ideation to getting initial customers with a proven/validated business model poised for scale. Before joining Indusface, Venky had 10+ years of experience in the security industry and had held various management/leadership roles in Product Development, Professional Services and Sales @Entrust.