February 22, 2018

Small Business, Big Risk: Cybersecurity Threats Facing Small and Medium-Sized Businesses

When it comes to cybersecurity and data breaches, smaller businesses do not necessarily make less likely targets. According to a recent report on the state of cybersecurity in small and medium-sized businesses by the Ponemon Institute, 61% of small and medium-sized businesses experienced a cyberattack in 2017, a 6% increase from 2016. Similarly, the report said 54% of small and medium-sized businesses experienced data breaches (up from 50% in 2016). In a recent article in Entrepreneur, CEO of Simple SEO Group Brendan Egan discusses some of the biggest cybersecurity threats facing small businesses today.

The Risk of Leaks in the Internet of Things

As we have previously discussed on this blog, the security of internet of things (IoT) devices has been a growing concern for both government and industry, due in part to a number of high-profile attempted cyberattacks using IoT devices. The connected nature of IoT devices and the real-time data collection that make IoT a powerful tool for organizations also create multiple potential backdoors into the organization. To prevent IoT devices from being targeted by hackers, it is important to observe security best practices such as changing default passwords and, for manufacturers, providing unique default usernames and passwords that are difficult to crack. As we have previously discussed, the US Department of Homeland Security, among other organizations, has issued guidance to help stakeholders account for security in the development, manufacturing, implementation, and use of IoT devices.

Algorithmic Exposure

Organizations that increasingly rely on algorithms for operational and business decisions in critical systems run the risk of losing visibility into the functioning and interaction of those systems. The Threat Horizon 2018 report from the nonprofit Information Security Forum advises organizations to examine the risks that come with systems controlled by algorithms and determine when a human should monitor execution or decisions.

Awareness of Known Vulnerabilities

Security researchers frequently uncover critical vulnerabilities in systems as part of efforts to examine and improve security, but the responses of manufacturers and providers to these actions are not consistent and may range from implementing public bug bounty programs to taking legal action against researchers. Depending on a provider’s approach, the result could be exposure to vulnerabilities that are potentially known to bad actors but not to customers. As part of the procurement process, technology buyers should therefore consider how vendors handle the identification of vulnerabilities and the relationship between the vendor and the security research community.

Copyright © 2018 by Morgan, Lewis & Bockius LLP. All Rights Reserved.


About this Author

Emily R. Lowe, Morgan Lewis, Biotech Development Lawyer, Acquisitions Attorney
Of Counsel

Emily R. Lowe represents clients in commercial transactions, with a focus on the acquisition, use, protection, development, and commercialization of technology and biotechnology. Emily helps domestic and international companies commercialize their products through various commercial vehicles, including manufacturing and supply agreements and distribution strategies, and development and licensing agreements.

Glen W. Rectenwald, Business & Finance Attorney, Morgan Lewis Law Firm

Glen W. Rectenwald is an associate in Morgan Lewis's Business and Finance Practice. The lawyers in our Business and Finance Practice focus on mergers and acquisitions (including joint ventures, spin-offs, and strategic alliances), finance and restructuring, securities (including public and private equity and debt offerings), and tax. Clients range from Fortune 500 companies to investment banks to emerging market companies.

Mr. Rectenwald earned his J.D. from the Duke University School of Law in 2012, where he served as online editor for the Duke Journal of Comparative and International Law and received an award for Outstanding Achievement in Commercial Transactions and Bankruptcy Law. He earned his Master of Theological Studies (M.T.S.) from Harvard Divinity School in 2009 and his B.A., magna cum laude, from Baldwin-Wallace College in 2007.

Mr. Rectenwald is admitted to practice in Pennsylvania.