Small business owners often think they are too relatively insignificant to be noticed by the roving eye of online criminals. There are always indiscriminate attacks, of course, such as mass emails. Targeted attacks are sometimes misconstrued by business owners as being exclusively something for industry giants, like Sony and Yahoo!, to worry about.
The truth is, small businesses are just as much at risk of being specifically singled out by cyber thieves; in some circumstances, even more so. The primary reason is that while smaller companies may not seem to be as lucrative, they are much easier targets than major companies; who can afford to have a large IT department on top of their security around the clock.
Criminals still find plenty of value once they penetrate the networks of smaller companies. Prime examples include selling stolen client data on the black market for identity theft, using CEO address book information for scams, ransack bank and credit accounts and steal trade secrets or valuable financial information like communications about mergers. Criminals may also take over the company’s websites and social media accounts to install malware giving them illicit access to site visitors.
The most recent statistics collected by Symantec show that nearly half of all victims of cyber attacks on businesses worldwide had 250 employees or less. Additionally, a February 2016 survey conducted by CFO Magazine found that about 20% of respondents with small or medium-size businesses had been hit by some form of attack in the past year. All told, the average take when a cybercriminal gets illicit access to a small business is usually well into the tens of thousands of dollars.
Social engineering and “phishing” attacks are the most popular means for a criminal to try to get access to a business network, more so than direct hacking attacks on the company’s security measures. These consist primarily of email messages with attachments or links which install malware providing a back door for the criminals to enter. Another technique is “spoofing”, where criminals send emails made to appear as coming from legitimate addresses. For example, emails may be spoofed to appear to be coming from banks or web hosts, and prompt the recipient to visit a phony (but equally legitimate-looking URL) to change their password details or log in to take care of something. Credentials entered in this phony site by the victim is captured by the attacker for later use.
Ransomware has become a well known pervasive threat to businesses since 2013, when the original form known as CryptoLocker ran wild throughout the world. There are now countless derivations of the original CryptoLocker formula, all of which work the same way; crucial files highly encrypted before the hackers send a message demanding a paid ransom in return for the password to restore the files.
Why Small Businesses Become Easy Prey
The blame for small businesses being such an easy target doesn’t actually rest on their inability to provide stronger security measures but rather because business owners are in denial that their business offers anything that a hacker might want. Data security as a service (DSaaS) is available for small business owners with less than 10 computers at an affordable monthly cost that delivers the same level of security that large enterprises pay much higher sums. Business owners are not aware of how great a threat they are facing and don’t take the basic security steps that they should. With limited budgets to juggle, there’s a temptation to shove cyber security farther and farther down the list when the full scope of the threats out there isn’t clear.
Small businesses face not only theft of their own resources, but even more far-reaching repercussions from intrusions and data breaches. They may face lawsuits from consumers for not adequately protecting their data, or fines from credit and debit card companies for not meeting required security standards.
Tie National created Guardian Cyber Security specifically with small business needs in mind. This all-in-one, out-of-the-box solution provides protection from malware, viruses, ransomware, and similar threats as well as performs diagnostic checks and connects users to a 24/7 support network. Contact us to learn more, or with any questions, you may have.