Cybercrime and SMBs
The Cybersecurity Threat to SMBs (Small & Medium Business)
In 2021 alone, the world has witnessed some of the most devastating, large-scale cyberattacks ever. When big business, government or supply chain infrastructure is attacked, it makes the headlines. That doesn’t mean cybercriminals are only targeting major corporations, however. It may not make the headlines, but hackers have small business firmly in their sights.
A recent study by Accenture found hackers were targeting small businesses 43% of the time. Of more concern, the same report revealed only 14% of small businesses were investing in cybersecurity measures to protect themselves.
Until small business owners comprehend the dangers posed by cybercrime and act to mitigate risk, breaches will continue to rise. SMB (small to medium business) management needs to provide employee cybersecurity awareness training so that staff can not only recognise potential threats, but also know how to respond to them.
The days of hackers breaching companies just for the challenge are gone. Apart from occasional acts of vengeance or political attacks, cybercriminals want the same thing as everyone else - money. That’s why ransomware is deemed to be the top threat to small businesses.
A recent report found that 85% of managed services providers (MSPs) confirmed that ransomware was the most common threat to small business. Those same MSPs reported that more than half their clients had been victims of such attacks.
Perhaps more alarmingly, whilst MSPs rated themselves ‘very concerned’ about ransomware attacks, fewer than 30% of small-to-medium businesses (SMBs) shared the same level of concern. It’s no wonder small to medium businesses are being targeted by cybercriminals.
What Is Ransomware?
Ransomware refers to the software used by cybercriminals to hold organisations to ransom. Hackers usually attempt to infect a PC, server, laptop or other device with malware designed to encrypt files, thus making them inaccessible to the business.
The victim is usually alerted through an on-screen message stating that the user’s system/data has been locked.
Hackers may try to increase the amount of ransom by threatening to expose sensitive or critical data to clients, or release confidential client information to the wider world to cause reputational damage.
Ransom amounts demanded of SMBs vary greatly based on a range of factors, but are rarely less than $10k and can be in the hundreds of thousands and, in the worst case, millions. The ransom amount (if paid) might only be a fraction of the total cost. In many cases, companies are forced to cease operating until the incident is resolved. They generally need to employ the services of specialists to conduct a forensic audit, and they face reputational damage on top of that.
According to the US Securities & Exchange Commission, 60% of US-based companies go out of business within six months of a data breach.
Protecting SMBs Against Ransomware
Phishing emails are the major cause of successful attacks. Cybercriminals usually don’t need to rely on hi-tech hacking tools, not when it’s easier to simply trick people. As the old saying goes – you’re only as strong as your weakest link.
All SMBs must invest in basic cybersecurity training for employees. Phishing attacks can be prevented simply by training staff to know what to look out for. Then there are the basics: strong passwords set to change periodically and, where possible, multi-factor authentication (MFA) and single sign-on (SSO) technologies.
Contact Cyberlorian for more information about how you can improve your cybersecurity.
Raph Tripp has worked in a variety of roles including IT management, Operations, project management, PMO and as both systems and business analyst. Since 2000 he has worked in a range of industries including gaming, hospitality, managed services, NFP and education.