I see small businesses on a regular basis running with just whatever their ISP has provided, usually a cheap device that provides connectivity and some very basic firewall-like functions such as NAT and SPI. As far as I am concerned these are just like putting a $5 lock on the front door of your Million Dollar mansion. Here is an example why:
"MikroTik RouterOS vulnerability
CERT NZ has been informed of an active attack targeting MikroTik RouterOS devices.
Attackers are identifying these devices by scanning for public IP addresses running specific RouterOS ports and using older versions of the operating system. Once the vulnerability is exploited, malware is downloaded to the compromised devices. The device is then being used to scan for other IP addresses and spread.
CERT NZ is aware that this attack is active. We strongly recommend investigating and patching any RouterOS devices on your network as soon as possible to prevent them from being compromised."
When Vertech connects a client to the internet we insist on a substantial firewall device like the Sophos XG UTM range which can automatically Hotfix itself when vulnerabilities are found in it's firmware and that also provides additional significant security abilities such as sniffing out malware communications and synchronised security with the computer antivirus software to prevent the spread of the threats. This level of security is not expensive anymore and is absolutely affordable by SMB's - it really is just a case of being a good netizen.
To read more about the vulnerability in what is a very common device in the NZ ISP market place: https://www.cert.govt.nz/it-specialists/advisories/advisory/mikrotik-routeros-vulnerability/
Stay Safe,
Daniel