Small Businesses Suffer Many Breaches
By: Jeff Multz
Good things come in little packages. That’s why cyber-thieves go after small businesses.
Although it’s rare to read a breach story about a business that isn’t a national company, small businesses get breached far more often. And cyber-thieves will stop at little to get their stash. Last year the LA Times reported on a small financial company that stored its backup computer drives in a remote location. Professional burglars “cracked open a safe bolted to the floor and made off with the financial records of hundreds of the firm’s affluent clients.”
Most thieves who are after a small business’s digital information don’t have to drive anywhere to steal data. Depending on how lax the security is, they could break into a company’s network directly through its website or they could send a staff member a phishing email. Once the employee clicks on the email’s malicious link or malicious attachment, malware is surreptitiously downloaded onto her computer, giving the attacker access to her computer and everything in the network it can access. If the network is not locked down tight, the attacker could find a way to access other parts of the network that even the employee can’t. When the attacker worms his way into other systems, he could get control of your business’s intellectual property, banking credentials and customer data, such as credit card information and personally identifiable information.
Nowadays, all supply chains are connected via the Internet, and small companies have access to the networks of the large companies they service. For example, ACME Accounting handles accounting services for Big Box Retailer, so to do their jobs ACME employees can access Big Box’s network. Attackers will breach the small business, ACME, to ultimately gain access to the large company, Big Box. If two networks are connected in any way, all attackers have to do is move from one company’s system to the other’s until the attackers reach their main targets.
In 2013, the National Small Business Association reported that 44 percent of respondents to a survey had been victims of at least one cyberattack, with an average cost of $8,699.48 for each breach. That same year, the Ponemon Institute published “The Risk of an Uncertain Security Strategy: Study of Global IT Practitioners in SMB Organizations,” after surveying more than 2,000 individuals who managed IT security at small and medium-sized organizations. The study reported that 42 percent of SMBs said they experienced a cyberattack within the past year. Yet 58 percent of respondents said that management does not see cyberattacks as a significant risk.
Practice Makes Perfect
As well as being easy and profitable, small businesses are also good practice targets for cyber attackers. Because small businesses lack the funds and the personnel that large businesses have, cyber-thieves know they don’t have to work too hard to break into a small network. They often hone their techniques on small companies until they get their malware and attack vectors down just right. Attackers will often practice taking down a small business organization’s website using a Distributed Denial of Service (DDoS) attack, and when they have perfected the craft, they use it on larger businesses and banks. These types of attacks send IT staffs scurrying to get the website back up, while thieves are breaking into the business’s online bank accounts.
Small businesses may have only a couple of IT specialists and one or no cybersecurity specialists, but a reputable security company can provide around-the-clock monitoring so that as soon as anyone breaks into a network, the business is notified and is provided with appropriate measures to get the attackers out before much damage has been done.