Do small to medium businesses (SMBs) get a free pass from hackers? Do the bad guys go for the big whales and ignore the small fry? As it turns out, the opposite is true.
According to Symantec’s 2016 Internet Security Threat Report, phishers and other hackers go for small businesses almost as much as bigger enterprises, with 43 percent of phishing attacks aiming for SMBs (compared to 18 percent in 2011).
It all makes sense: after all, SMBs offer richer pickings for arguably less effort.
Low Hanging Fruit
A recent survey by UK company Barclaycard found that only one in five SMBs considered cybersecurity a top business priority. Only one in six respondents reported having adequate countermeasures against cybercrime, and a miniscule one in ten had never invested in improving the security of their websites at all.
These findings were corroborated by a recent study by Juniper Research that found that SMBs were spending less than $4,000 each on cybersecurity measures for 2017, with miniscule increases in budgets predicted for the following five years.
SMBs compound this error with another: the lack of updated software, making them more vulnerable to malware like WannaCry, which exploits Windows vulnerabilities that tend to be immediately patched in newer installs, but stay wide open in older versions.
It’s quite possible that most SMBs believe that cybersecurity is simply too expensive to implement; ironic given that SMBs have more to lose in the event of a breach. Losses can reach between US$36,000 to $50,000 for most SMB data breaches: a pittance for Fortune 400 companies, but disastrous to small businesses.
Gateway to Larger Targets
Hackers also target smaller companies with known connections to larger, meatier targets. Service providers may serve as a cybersecurity “weak link”: their punier countermeasures allowing access to a treasure trove of data that would otherwise be locked away in the clients’ secure networks.
A 2013 attack on retailer Target Corporation resulted in the theft of over 70 million customers’ credit card details, and ultimately a loss of US$200 million dollars. This could have all been avoided if one of Target’s suppliers – a refrigeration and air-conditioning specialist based in Sharpsburg, Penn. – had had more robust cybersecurity infrastructure in place.
A phishing attack on the supplier gave hackers a toehold in Target’s network of cash registers… just in time for Black Friday.
By the end of November, “the intruders had pushed their malware to a majority of Target’s point-of-sale devices, and were actively collecting card records from live customer transactions,” reported Krebs on Security. “Target has said that the breach exposed approximately 40 million debit and credit card accounts between Nov. 27 and Dec. 15, 2013.”
Active Countermeasures for SMBs
So let’s pop the delusion that SMBs don’t count in hackers’ eyes. They do. And if you work in or own an SMB, the sooner you act like there’s a big fat target painted on your back, the better.
Active countermeasures against hackers can protect your company against the vast majority of outside threats. All Covered’s managed IT services – All Covered Care – Secure and Protect – insulates SMBs from the worst elements of the cyber-underworld with three levels of protection, ranging from managed vulnerability scans and cybersecurity training at the lowest level, Unified Threat Management in the middle, and SIEM (Security Information and Event Management) at the top.
Investing in security-focused managed IT services like All Covered’s can keep you afloat in a rising tide of cyberattacks on SMBs.
For more information on All Covered – Secure and Protect and other services, contact All Covered Toll-Free Nationwide at 866-446-1133 or visit www.AllCovered.com.