Budapest, April 20, 2022 14:00

Phishers target everything, but increasingly micro, small and medium-sized businesses, the majority of which are still unaware of the vulnerability of their IT solutions and the damage an incident can cause. Based on the latest research by Telekom and BellResearch the vast majority of businesses do not pay enough attention to protecting themselves against phishing, and in most cases even their managers are unaware of the relevant risks.

According to a recent representative survey* of micro, small and medium-sized enterprises* made by BellResearch upon Telekom’s assignment, two third of companies think of IT tools and the security of corporate and customer data when it comes to safe operation. They also think that they are protected by using firewalls, antivirus software, backups while trying to protect their devices, correspondence and passwords. The same number of businesses believe that due to their size they will not be targeted, and 70% are convinced that they do not manage data that needs to be protected.  In addition, the vast majority of companies (80%) calm themselves that they do not have data that cannot be replaced, believing that a data loss incident would not cause an impossible challenge to their business operation. This suggests that these companies do not only underestimate the level of risks, but also the impact of a data breach incident, as they do not take into account their responsibility of keeping their business partners’ or even their customers’ information safe.

This is well explained by the extremely low feeling of threat measured in the survey, as only 20% of micro businesses and 30% of SMEs think that their systems are at least somewhat exposed to IT attacks and threats.  In addition, 60% of the former and 40% of the latter try to manage IT and data security matters in-house. Even such matters as the management of data loss incidents.  Only around 10% of micro and small businesses reported such events, compared to 20% of medium and large enterprises. This is significantly behind the international experience.

Based on the above it is not surprising that three quarters of micro and small businesses believe that their current protection is sufficient, but even those companies underestimate the relevant risks that are aware of such dangers. Too much confidence leads to insufficient focus on protecting themselves against phishing.

According to the survey 90% of companies think that if they protect their IT devices, they simultaneously protect their data. Nevertheless, 42% of the respondents have a solution specifically focusing on protecting company and customer data. Half of micro-businesses are comfortable with protecting their PCs and laptops with SW coming together with their devices, however, this kind of awareness is higher among SMEs, as two thirds of these companies invest in other security solutions. Most companies do not think about the continuous maintenance and upgrade of their security solutions: less than 10% of micro businesses and a quarter of SMEs continuously review their existing systems and look for up-to-date solutions.

What are the risks that small businesses have to face?

Phishers have a very complex - and a growing - set of tools. Although they are mainly active online, it is common for them to use tricks like official looking messages or fake websites to make their victims share sensitive information, like bank account numbers, personal data or passwords.  A more sophisticated method is malicious viruses (malware), that they install without being noticed on their victims' insufficiently protected devices. These are malicious software with which they can lock devices or encrypt the data stored on them to extort money from the owner.

Telekom's recently introduced Business Net packages provide real-time phishing protection with CISCO Umbrella at no extra cost, which is a solution that reduces the exposure of small businesses to threats while browsing, detects phishing attempts, ransomware viruses or remote control of the device for using them to launch overload attacks without the user's knowledge.  More details can be found here.

"We think it is important to support small businesses against phishing attempts and malicious viruses. It is good to see that more and more managers recognize this need, however, we also experience that there is still work to do" said István Iski, Director of Telekom's Soho-SMB area.

*Research by BellResearch upon assignment by Magyar Telekom (representative research among micro, small, medium and large businesses and institutions on a sample of 2832, out of which the micro+ SME segment relevant to this article was 2079 (Y2021) plus another representative quantitative research among micro and small enterprises on a sample of 103 (Y2022)