GDT Webinar Series – How to Fail at Security? Reserve Your Spot

The FTC’s findings—and what they’re doing about it—regarding small businesses and cybersecurity

FTC's findings
FTC's findings for small business

By Richard Arneson

By now, most of us are aware that cyber threats don’t discriminate. Any business, regardless of size, industry, location, et al., is a potential target. The media, of course, is going to focus on breaches that affect huge, public-facing, high-profile corporations whose names are recognizable (Target, Uber, LinkedIn, JP Morgan Chase, Home Depot, to name only a few). And that media focus can make small, even mid-sized, business owners feel like they’re somewhat hidden and tucked away, like a homeowner who’s selected a neighborhood off the beaten path. With cyber attacks, however, everybody’s on the path.
In fact, small businesses suffer more malware infections than their larger counterparts, and, according to the Ponemon Institute’s report 2017 State of Cybersecurity in Small- and Medium-sized businesses, that number is on the rise. At the time of its writing, small businesses had experienced a sixty-one percent (61%) rise in attacks during the prior twelve (12) months; in 2016, it was up fifty-five percent (55%). While it’s probably giving cyberattackers too much credit to believe they single out and target small businesses (they tend to utilize a spray and pray technique), there’s no question—small businesses are getting caught in the crossfire.

The FTC is doing something about it

October was cybersecurity month, which seems a little odd. Every month should be cybersecurity month. Every day should be cybersecurity month, if that makes sense. And the FTC agrees.
Over the last twelve (12) months, the FTC crisscrossed the country conducting interviews and having discussions with small- to mid-sized business owners. Those discussions brought to light one (1) primary theme as it relates to small businesses and cyber threats—they are bringing a knife to a gunfight. They saw the immediate need to launch a cybersecurity resource for small businesses to help ensure they’re protected, or at least heading in the right security-related direction.
The FTC teamed up with the Small Business Administration (SBA), the National Institute of Standards and Technology (NIST) and the Department of Homeland Security (DHS) to develop clear, easy-to-use resources, which includes training, quizzes and videos on the following key security topics:

  • Cybersecurity Basics
  • NIST Cybersecurity Framework
  • Physical Security
  • Ransomware
  • Phishing
  • Business Email and Email Authentication
  • Tech Support Scams
  • Vendor Security
  • Cyber Insurance
  • Web Hosting
  • Remote Access

Yes, security threats abound, but they’re not just related to external threats. According to another study by the Ponemon Institute, over seventy-five percent (75%) of businesses largely remain unprotected from malicious insiders and employees lacking proper security education. Security is a lot to think about, but don’t wait until next October to learn about how to protect your organization. Remember, every day is security month! And to get started, you can learn here how to give your business a security self-exam.

Don’t leave it up to chance

To find out more about the many threats that may soon target, or are currently targeting, your organization, contact GDT’s tenured and talented security analysts at SOC@GDT.com. From their Security- and Network Operations Centers, they manage, monitor and protect the networks of companies of all sizes, including those for some of the most notable enterprises, service providers, healthcare organizations and government agencies in the world. They’d love to hear from you.

Read more about network security here:

Hiring A Hacker Probably Shouldn’t Be Part Of Your Business Plan
Gen V
Sexy, yes, but potentially dangerous
Tetration—you should know its meaning
It’s in their DNA
When SOC plays second fiddle to NOC, you could be in for an expensive tune
How to protect against Ransomware

Author

Share this article

You might also like:

You may have already heard, but if not, I’m pleased to inform you that HPE has officially completed its acquisition of Juniper Networks. First announced back in January of 2024, the HPE Juniper acquisition is now a done deal. Juniper’s CEO, Rami Rahim, is charged with leading the HPE Networking

The Cisco True Forward: How to avoid surprise costs

It started with an invoice they didn’t expect—$280,000 in unbudgeted costs tied to licenses they didn’t even know they were overusing. That was the moment this healthcare provider realized how important Cisco True Forward visibility really is. And they’re not alone.  For organizations that rely on Cisco to power critical

Salt Typhoon cyberattack

In a January 2025 advisory, CISA’s then-director, Jen Easterly, stated that “China’s sophisticated and well-resourced cyber program represents the most serious and significant cyber threat to our nation, and in particular, U.S. critical infrastructure.” Whether they aim to spy, disrupt, or destroy, safeguarding infrastructure against Salt Typhoon cyberattacks and other