When I asked SME founders ^ this very question after they faced a security/malware incident, here is what they had to say:
- Didn’t realize that anyone would hack us. What could possibly anyone gain from our low traffic website?
- Our website is secured with HTTPS, so my developer told me that it is ‘un-hackable’
- There’s so much to do, and everyone is wearing a lot of hats to get things done. We didn’t get the time to implement a proper security solution.
- We thought security solutions are expensive, so did not budget it.
- It’s too technical and we don’t have the relevant expertise
- Security tools are confusing. There are soo many options to configure. I was afraid I would do something wrong, so I uninstalled it.
- I managed to install a solution but it was blocking real customers/visitors, so I disabled it.
Unfortunately, SMEs only take security seriously for compliance purposes, or when they get to know that they are hacked!
Without adequate security mechanisms, SMEs remain vulnerable and easy targets. Hackers use tools to identify websites with known vulnerabilities and exploit them in large numbers. Some of these hacks are known as SEO spam, Pharma hacks, web page defacements, malicious redirections etc.
Security was always considered a luxury and not taken seriously until recently. Security solutions have evolved over the years and much simpler to implement. All you have to do now is install a plugin with a few button clicks :)