NEW YORK - Small businesses have massively underestimated cybersecurity threats, according to research released on Monday by the National Cyber Security Alliance (NCSA) and Symantec (SYMC).
The study, which surveyed 1,015 U.S. businesses with fewer than 250 employees, revealed a glaring disconnect between cybersecurity perception and reality at small- to medium-sized businesses, or SMBs. While more than 77% of respondents said that their company was safe from the likes of hackers, viruses and malware, a massive 83% have no formal cybersecurity plan in place.
The research, released as part of National Cyber Security Awareness Month, also revealed that 66% of SMBs are not concerned about cyber threats. Experts, however, warn that cybercriminals could use small businesses as a "stepping stone" from which to launch attacks.
"SMBs have to realize that data is the coin of the realm in cybercrime," said Michael Kaiser, executive director of the NCSA, in an interview, pointing to the likes of customer and employee data. "Cybercriminals may use [SMBs] to get to somebody else."
Criminals, for example, could use an SMB's client contact list in a phishing attack, a form of online scam typically launched via email.
Social media is also a popular launch pad for criminals' phishing attacks, yet the research found that 70% of SMBs do not have policies for employee social media use.
"Cybercriminals know that small businesses are less defended than large businesses," noted Kaiser. "Small businesses could appear as a very easy entry point for a lot of cyber criminals."
"In many cases, small businesses don't think that they are going to be attacked as much as a large organization," added Laura Garcia-Manrique, vice president of SMB Customer Experience at Symantec. But that's not the case. A small business, she added, is four times more likely to suffer a general malware attack than a large organization.
The NCSA urged SMBs to look at where their information is being stored and used, and protect those areas. It also reminded small businesses to enforce strong password policies, encrypt confidential information, educate employees about cybersecurity and stay up to date with the latest viruses and worms.