Small business owners are responsible for establishing and growing the business. This means they often wear more than one hat at any given time. While they are focused primarily on customers and revenue, they also serve as a jack of all trades when it comes to everything from HR to legal to marketing.
Because of that, a mistake many small businesses make is overlooking their security function. While many of the cybersecurity attacks and breaches we see across headlines happen at major enterprise organizations, the reality is cybercriminals don’t discriminate by size and the aftermath of an attack can devastate a small business.
In fact, cyberattacks on small businesses are more common than many think, with more than two-thirds (67 percent) of companies with fewer than 1,000 employees having experienced a cyberattack, and 58 percent having experienced a breach, according to a recent report.
The same report also found that 60 percent of small businesses could go out of business due to damages associated with a cyberattack.
So what exactly do cyber criminals want from a small business? Here are a few key motives:
Personal Data: If you can hack a large corporation, you can hack a small business. Cyber criminals understand small companies collect data that is easy to offload for a profit on the Dark Web, such as medical records, credit card information, Social Security numbers, bank account credentials or proprietary business information. In 2019, for example, a small medical practice in Michigan reported a ransomware attack that had encrypted their files, including patient records, appointment schedules and payment information. The two doctors who owned the business refused to pay a ransom to unlock their files, according to a published report. After the hackers deleted their files, the owners closed their doors.
Computing Power: Cyber hackers can also attack businesses through company’s computers and IoT devices, and recruit them into an army of bots to perform massive DDoS attacks. DDoS works by artificially generating enormous amounts of web traffic to disrupt service to a company or group of companies. The repercussions of a DDoS attack include an unreachable online platform, disruption to business operations, slow response times and more.
Links to the Big Fish: Today’s businesses are digitally connected to each other to complete transactions, manage supply chains and share information. Since larger companies presumably (although not necessarily) are tougher to penetrate, hackers target smaller partners as a way to get into the systems of large companies. This is what happened in the Target breach, which resulted in 40 million stolen credit and debit cards. If you recall, the thieves accessed the retail giant’s system through a smaller business, a third-party subcontractor that provides refrigeration and HVAC systems.
Cash, Pure and Simple: Cyber criminals typically attack for one primary reason - profit. This explains why ransomware is such a popular method of attack. Hackers often times succeed, generating revenue for attackers. And as long as an attack method proves lucrative, hackers will keep using it.
While enterprise organizations have entire teams devoted to handling cybersecurity, at many small businesses, those efforts are handled by someone who likely wears many other hats in the day-to-day operations of the business. In addition to the previously mentioned motives, that also makes small businesses particularly vulnerable to hackers.
To protect against the growing range of cyberthreats, businesses can leverage technology to deliver protection, scan for threats, secure the network and perform threat analysis. Fortunately, the technology security landscape is full of these types of solutions designed to help small businesses approach security more intelligently.
When businesses decide to ignore cybersecurity, they are taking a huge risk, not only for themselves, but their customers, partners and suppliers. For small businesses, it is imperative to develop a strong 360-degree cybersecurity strategy and implement measures to combat against costly threats such as malware, ransomware and bots.