Why SMBs are a Top Target for Cyber Attacks

TSP • @myTSPnet


At any given moment, small business owners are likely wearing two (or three or four) additional hats that fall outside the realm of revenue generation and customer support. In fact, most are truly jacks of all trades, handling everything from inventory management and HR to legal and marketing.

Because of this, many small businesses unfortunately overlook their security function. While many of the cybersecurity attacks and data breaches we see in the headlines happen to major enterprises, the reality is that cybercriminals do not discriminate by size, and the aftermath of an attack can devastate a small business.

Cybercrime is a big business. It's projected to cost the world $6 trillion by the end of 2021. Moreover, cybercriminals have found a sweet spot — small businesses.

According to a recent report, 58% of cyber attack victims are small businesses (organizations with fewer than 250 employees). This may seem counterintuitive for two reasons. First, the big payoff would seem to be had by going after large organizations. Second, the news is filled with headlines about cyber attacks on big companies, not small ones. One example is the Target hack, during which the credit card details of tens of millions of people were stolen. However, the hackers actually gained access to Target’s network by infiltrating a small HVAC company and stealing that company’s access credentials to Target’s network.

A cyber attack can destroy a business because the cost of cleaning up after a breach can be considerable. In fact, ransomware attacks caused nearly a quarter of small and medium-sized businesses hit by them to completely halt operations. Additionally, recent statistics show that around 60% of SMBs that are forced to suspend operations after a cyber attack never reopen for business. The lost revenue due to downtime, the cash spent attempting to remediate the breach and the reputational damage can add up. Despite the facts, most small business owners aren’t prepared to prevent, detect or respond to a cyber attack. Here are four reasons why SMBs are a common target for cyber attacks.

Smaller enterprises are generally quite complacent about security. Due to the size of their operations, they tend to assume they're safe from malicious attacks when in reality, it's quite the opposite. Smaller businesses are more at risk of successful cyber attacks than larger ones as they often lack the budget to implement successful cybersecurity strategies. A recent report revealed that only 20% of organizations believe cybersecurity to be a top business priority.

Small business owners need to ensure that they remain one step ahead of cybercriminals and should seek advice from cybersecurity professionals and invest in protection policies. Investing in and adopting threat solutions will often improve protection against the growing number of threat actors.

Larger companies are often harder to penetrate as they have sophisticated security defenses in place. Because many SMBs are connected electronically to the IT systems of larger partner organizations, they provide an inroad to the ‘big names’ and their valuable data. Hackers clearly go small to win big, but if found to be the flaw in a large organization’s security defense, small businesses could suffer catastrophic reputational and financial damage.

SMBs are in a vulnerable position when it comes to cyber attacks in the sense that a ransomware request could put them out of business overnight. With their business at stake, victims of ransomware often feel they have no option but to comply with the request.

Arguably SMBs have no one else to blame but themselves. By not keeping their employees abreast of security concerns and issues, they are leaving themselves vulnerable to ransomware and phishing. Research reveals that the biggest internal threat to a business is the human element, through errors made by employees. Companies must educate their staff on the evolving threat landscape and the potential threats of opening unsolicited email attachments.

Businesses are also falling victim to the latest in a new generation of cyber attacks: CEO fraud. CEO fraud involves hackers designing and sending fraudulent emails to an employee, posing as the CEO of the company. They use a domain name that appears similar to the target's to scam the employee, with the email typically requesting sensitive company information or money transfers.

By introducing dual authorization procedures, SMBs can detect CEO fraud quickly and protect their organization from such attacks. Most SMBs have internal messaging tools, such as Slack or Skype for Business, that are more difficult to compromise. Companies should use such platforms to verify the authenticity of a payment request. Having a second pair of eyes look over the request can make all the difference and potentially save the business a significant amount of money.
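
An added example (not from the original article) of how a mail filter could flag the lookalike sender domains described above and route payment requests to a second approver for verification over an internal channel. The domain `example-corp.com`, the keyword list, the character swaps and the edit-distance threshold of 2 are assumptions chosen for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

TRUSTED_DOMAIN = "example-corp.com"      # assumption: the company's real mail domain
PAYMENT_WORDS = ("wire", "transfer", "invoice", "payment", "bank details")
DIGIT_SWAPS = str.maketrans("0135", "oles")   # common digit-for-letter swaps

def skeleton(domain):
    """Fold visually confusable spellings together (0->o, 1->l, rn->m, ...)."""
    return domain.lower().translate(DIGIT_SWAPS).replace("rn", "m")

def edit_distance(a, b):
    """Levenshtein distance, one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(raw_message):
    """Classify the sender domain and decide whether to verify out of band."""
    msg = message_from_string(raw_message)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain == TRUSTED_DOMAIN:
        verdict = "internal"
    elif (skeleton(domain) == skeleton(TRUSTED_DOMAIN)
          or edit_distance(domain, TRUSTED_DOMAIN) <= 2):
        verdict = "lookalike"
    else:
        verdict = "external"
    body = "" if msg.is_multipart() else msg.get_payload()
    text = f"{msg.get('Subject', '')} {body}".lower()
    asks_payment = any(word in text for word in PAYMENT_WORDS)
    # Every payment request gets a second approver; lookalike senders always do.
    return {"domain": domain, "verdict": verdict,
            "verify_out_of_band": asks_payment or verdict == "lookalike"}

# Constructed sample messages (not real mail).
SAMPLES = [
    "From: Jane Doe <jane@example-corp.com>\nSubject: Lunch\n\nSee you at noon.\n",
    "From: Jane Doe <jane@examp1e-corp.com>\nSubject: Urgent\n\nPlease wire $40,000 today.\n",
    "From: News <news@vendor-updates.net>\nSubject: Newsletter\n\nMonthly product news.\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(triage(raw))
```

A two-character threshold suits a domain of this length; shorter domains need a tighter one to avoid flagging unrelated senders.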

Small business owners must make cybersecurity planning as important as other aspects of the business planning process. Failing to do so could mean that the business faces an existential threat that could have been prevented.