Why Do Hackers Target Small Businesses?
Data breaches and cyber-attacks on corporate giants and governments are frequently reported throughout the media. In 2019 alone, organizations that fell victim to cybercrimes included Capital One, the American Medical Collections Agency (AMCA), and Facebook.
The last decade has also seen attacks on the Sony PlayStation in 2011 and Equifax. Both attacks leaked the personal information of millions of customers, and for some, even their credit card details.
Cybercrime is a grave concern for all, but an excess of media attention given only to the high-profile cases may be serving to divert attention away from where it is most needed – closer to home.
For those London businesses that are uncertain about their cybersecurity solutions, the best solution could be to find a London-based IT support provider that can deliver a service that can maximize security.
1. Concerns for small businesses
With global rates of recorded cybercrimes on an inexorable rise, there is no doubt that everyone should be made aware of the threats, and how best to prepare for them. But figures show that small enterprises, in particular, are at risk.
- Nearly fifty percent of small businesses have experienced a cyber-attack.
- More than 70 percent of cyber-attacks are directed at small businesses.
- Sixty percent of small businesses that are hacked go out of business within six months.
- As little as 53 percent of companies with a workforce of less than 50 consider cybersecurity to be a high priority.
- Eighty-three percent of small businesses do not have a definitive cybersecurity plan, and 69 percent do not have any idea in place.
- Only 14 percent of small businesses are ready to defend themselves against cyber-attacks.
When compared with statistics from the last decade, a trend can be noticed of a shift in cybercrimes towards small businesses. There has been a year-on-year increase, sometimes exceeding 50 percent. But why are hackers more interested in smaller prey?
2. Lower levels of security
While large corporations have the funds, resources, and trained professionals needed to combat the majority of cyber-attacks, smaller organizations do not.
Figures show the percentage of IT budgets of small enterprises allocated to cybersecurity has massively increased in the last decade. However, continued attacks on small firms prove it to be insufficient.
With a high proportion of small businesses that are ill-equipped to tackle malicious attacks that could potentially be fatal, hackers have an easier task of breaking through company defenses.
Attacks that are common include ransomware, which in 2018 targeted small businesses in 71 percent of attacks. Average ransoms demanded are $116,000, and smaller organizations are particularly vulnerable as hackers know that data is often not backed up.
Phishing, Malware, and Distributed Denial of Service (DDOS) attacks also present considerable threats to small businesses. Of all breaches to organizations, phishing accounts for around 90 percent. According to the FBI, these scams accounted for $1.8 billion in losses to business in 2019.
3. Insider threats
Another form of cybercrime that is on the rise, the Verizon 2019 Data Breach report, showed that 34 percent of all breaches had been the result of inside actors. This was an increase from 25 percent in the previous year.
Employees can cause these with malicious intent, but they can also be unintentional, resulting from limited education in IT security issues or an absence of the appropriate protocols.
One of the main contributing factors to the insider threat is the wide-ranging access given to employees, in many cases, when it is not necessary.
Identification and Access Management (IAM) is the term given to granting and managing access, which, when effectively applied, can contribute towards a sound cybersecurity policy.
In addition to a keen awareness of security issues within a small business, this can help to reduce insider threats.
4. Employee training
In smaller businesses with fewer employees, sufficient training programs can often be bypassed to make way for more immediate issues. This can be much to the detriment of an organization, as employees need to be made aware of security threats, how to prevent them, and the correct ways of recognizing and responding to them.
Rather than mechanically following company procedures, employees need to be educated on the potential dangers of cybercrimes and the damages they can cause. Small businesses are well-advised to cultivate a culture of cybersecurity awareness in their workforce, so threats that may be caused by simple mistakes can be avoided.
Cyber-threats are an incredibly severe issue for small businesses. While large corporations can foot the cost of an attack, this is often not the case for new enterprises looking to grow. For these businesses, the message is clear: educate yourselves and take your security measure to the absolute maximum.