What Risky IT Management Methods Do Cyber Criminals Target?

  • June 29, 2017

Part 3 in our Stalk the Stalkers Series

A recent security survey revealed a shocking trend among small to mid-size businesses (SMBs): “SMBs aren’t taking security seriously enough at a time when they should be taking it more seriously than ever.” Here are the findings Kontzer’s latest slideshow discloses about SMBs and IT management:

  • Many are short-staffed for cybersecurity – About a third (31%) of companies surveyed reported they don’t employ any IT security professionals.
  • Many don’t budget for cybersecurity – Nearly half (47%) of respondents admitted having no dedicated cyber security budget.
  • Many are in the dark about data breaches – More than a third (34%) of companies polled said they are concerned that their organization’s networks were breached without anyone knowing.

These revelations are especially shocking considering today’s SMBs are operating in a business world that just experienced the greatest spike of cybercrime in recorded history, and small firms are now the victims of nearly half of all cyberattacks. Per IBM’s “X-Force Threat Intelligence Index 2017,” 566% more data records were compromised in 2016 compared to 2015. And per security software firm Symantec, small businesses are the targets of cybercrime 43% of the time. Yet somehow more than half (54%) of the SMBs involved in the research Kontzer featured believe “they’re well-prepared to identify and respond to a cybersecurity incident.”

How could they think so, given their responses to questions about staffing, budget and awareness?

Perhaps they put too much faith in basic security technology and too little thought into managing IT security. Nearly all (96%) of the SMBs canvassed confirmed they have a firewall in place, but fewer than half said they use IT management techniques such as “internal penetration testing” and “configuration auditing.”

While the two terms we mentioned above sound technical, they have more to do with a management mindset than technology. The two IT tactics are about vigilance, which is a state of mind any SMB leader should adopt in today’s environment. Why? Because, as we have explained in earlier posts, social engineering techniques such as ransomware and phishing show cybercrooks look for vulnerabilities in organizational behaviors more than weaknesses in hardware or software. Which behaviors increase your organization’s cybersecurity risk? We see three big ones:

  • Lack of IT Management Sophistication – Too often small businesses place too much responsibility for IT in general on their leadership. Yes, we have advocated many times in this blog that SMB leaders should think and act like “big-time” CIOs. But that doesn’t mean we believe those leaders should be working solo, because the actions of any one employee can put an entire company at risk. So, every employee shares responsibility and accountability for conscientious computing.
  • Lack of Policy and/or Policy Enforcement – Does your organization have a formal policy regarding the secure use of mobile devices? Does your company have a formal Business Continuity plan that includes a Disaster Recovery process for responding to data breaches? If not, your firm is a more enticing target for cybercrooks than a company that has established and maintains those management practices. In short, without formal, enforceable policies that support secure practices, hackers have more avenues of attack.
  • Lack of Cybersecurity Awareness – Many times in many posts we have counseled that perhaps the best defense against cyberattacks is awareness training. Learn more from our post “Why Education is Your Best Cyber Security Defense.”

IT Managed Services Providers (MSPs) are prepared to facilitate and support your approach to cybersecurity on multiple levels – sophistication, policy and awareness. Here are tips for finding a good fit for your company.


ITinflections is a blog that covers a wide range of technology-based articles about IT in the workplace, focusing on small- to medium-sized businesses.