Should Small to Midsize Businesses Be Concerned About Cyber Threats?
In 2020, the FBI reported a whopping $2.7B as the cost of cybercrimes in just that year. While no business is immune to cybersecurity attacks, small and medium-sized businesses are especially vulnerable. In a survey conducted with small to medium business owners in late 2021, 42% of business owners had suffered a cyber-attack in the last year. Additionally, according to the U.S. Small Business Administration (SBA), 88% of small business owners feel their businesses are vulnerable to cyber-attacks. Small to medium businesses remain attractive targets for cyber criminals because they have information criminals want and often have weaker security infrastructure compared to larger businesses. Let’s look at some of the most common cyber threats specific to small or medium-sized businesses:
Phishing
Phishing is defined as the act of deceiving individuals by sending a message via email, social media, or SMS to acquire sensitive or confidential information. The most popular method of phishing is via email, with one analysis revealing that one in every 99 emails is a phishing attack. These emails appear legitimate, often using a real company or individual’s name, and entice recipients to open an attachment or click a link that is actually malicious. This can result in the victim’s computer becoming infected or in a network breach. These attacks continue to rise in number and sophistication, making them increasingly difficult to spot. It’s important to train staff to recognize the signs of phishing attempts and to give them clear guidance to follow if one is received.
Business Email Compromise
Business Email Compromise is when an attacker gains access to a business email account and sends emails to other employees, clients, and partners, pretending to be the email account owner. These are usually financially motivated attacks with the goal of fraudulently requesting and then receiving payments from employees. In 2020 alone, the FBI reported BEC attacks caused more than $1.8B in losses to businesses.
Malware
Otherwise known as malicious software, malware is an umbrella term referring to software specifically designed to bring about damage to a computer, server, client, or a computer network. In 2020, malware made up 17% of all data breach actions. Typically, malware originates from malicious website downloads, emails, or connection to already infected devices. Malware attacks can be especially harmful for small or medium businesses due to the cost of device repairs or replacements.
Ransomware
Ransomware, one of the most common types of malware, restricts access to a computer or encrypts certain company data until a ransom is paid. Typically, ransomware comes from a malicious link via phishing email and then exploits software vulnerabilities. Ransomware can be quite crippling for any business due to the amount of downtime experienced and the rising cost of requested ransom fees. The average downtime for a ransomware attack victim is 21 days. As for demanded ransom payments, this number jumped from $5,000 in 2018 to $200,000 in 2020. Hackers often target small businesses with ransomware because they know how dependent these businesses are on their critical data and company time. Most businesses in this instance are forced to pay the ransom in order to return to normal operations.
No Company is Safe From Cyber Threats
Cybersecurity threats are numerous and don’t discriminate based on company size. Every threat poses a possible cybersecurity risk, and in addition to the increasing number of threats across every industry, cyber criminals continue to find new, smarter ways to attack. Regardless of size or industry, no company is immune from cyber-attacks, so having proper cybersecurity protocols in place is essential. Well-established protocols can help prevent attacks or lessen their impact.
This content was originally written by Blue Team Alpha and has been reposted here with permission.