Small and midsized businesses might be the lifeblood of the U.S. economy, but according to the latest Internet security survey from Panda Security, their generally lackadaisical efforts to protect consumer data is also making them a prime target for cyber thieves.
More disturbing, particularly for customers swiping their credit cards or purchasing products and services online, the survey reveals that the vast majority of SMBs claim they don't know how to effectively prevent identity theft, lack the resources to install the technology that could thwart the majority of cyber attacks and, worse, seem to believe that it's really not their problem.
Panda Security's survey of 300 executives and financial professionals at SMBs (defined as companies with between 1 and 500 employees) spread across 38 different industries, found that 63 percent of companies acknowledge being worried about cybercrime but say they lack the knowledge to protect their businesses.
This apparent institutional ignorance is especially acute when it comes to banker Trojans, a particularly virulent form of malware that tricks people into divulging usernames and passwords for their online banking accounts.
Fifty-two percent of the survey respondents said they had "little or no familiarity" with banking Trojans, even though the mainstream media has provided extensive coverage of high-profile identity theft scams such as the infamous T.J. Maxx hacker attack that resulted in the theft of more than 40 million credit and debit card numbers, the largest identity theft case ever prosecuted by the U.S. Justice Department.
SMBs are even more clueless when it comes to how they think these thefts will be resolved once they've occurred.
The survey found that a staggering 63 percent of companies either "strongly or somewhat" believed that their banks would return all of the funds stolen in these attacks, a sign that most SMBs aren't particularly motivated, or capable, of implementing at least a modicum of security technology and processes to prevent themselves from being swindled.
But in the Panda's survey, only about 37 percent of victims said they recovered their stolen funds, while 28 percent reported "most" of their stolen funds were reimbursed.
"While online banking security is a general concern among most SMBs, most of them have little knowledge about the specific threats targeting organizations of their size," Panda Security's Sean-Paul Correll, said in the report.
It's precisely this false sense of deserved recovery that has prompted three states to recently pass legislation allowing banks to recover costs and damages from retailers that endure data breaches after failing to comply with Payment Card Industry standards.
"U.S. law puts the burden on business owners for keeping funds secure, rather than the banks," Correll said. "The majority of SMBs surveyed werent aware of this fact, which means they are operating with a false sense of security."
Lacking IT resources
They're also operating with less resources and general technology acumen than large companies.
"SMBs typically have fewer in-house resources and budgets for IT security, placing them at greater risk of attack," the report concluded.
While 64 percent of those surveyed said they have protective and procedural methods in place to detect or prevent online banking fraud, 15 percent admitted they had not updated security software on all of their online transaction systems and were "unsure" of their security software altogether.
Finally, 58 percent said they don't even have insurance to protect their business from banking fraud or identity theft.