Small Businesses Hacked 3X More than Larger Companies
Because you operate a small to medium-sized business, do you feel you are more secure from cyberattacks? Maybe you thought that you couldn’t possibly have anything that a hacker could want, or didn’t think they even knew about your small business.
A new report by cybersecurity firm Barracuda Networks completely debunks this myth. The report analyzed millions of emails across thousands of companies and organizations. It found that small to medium-sized companies have a lot to worry about when it comes to their IT security.
They found something very alarming. Employees at small companies saw 350% more social engineering attacks than those at larger ones. The report defines a small company as one with fewer than 100 employees. This puts small businesses at a higher risk of falling victim to a cyberattack. We’ll explore why below.
Hackers see small businesses as low-hanging fruit for many reasons. They are becoming larger targets of hackers out to score a quick illicit buck because of a severe lack of understanding and a lack of investment in cyber security solutions. This is something that Onyx IT identified as an issue some time ago, which is why we are constantly investing in new solutions to bring to clients so that they can mitigate their cyber risk.
Running a small business is often a juggling act of where to prioritize your spend. You may know cybersecurity is important, but it may not be at the top of your list of items to invest in. So, at the end of the month, there may be no room in the budget so it gets moved to the “next month” wish list of expenditures.
Small business leaders often don’t spend as much as they should on their IT security. They may buy an antivirus program and think that’s enough to cover them. But with the expansion of technology to the cloud, that’s just one small layer. You need several more for adequate security.
Hackers know this and see small businesses as a much easier target. They can do much less work to get a payout than they would trying to hack into an enterprise corporation. This is borne out by the results shown in reports and studies such as the one produced by Barracuda.
Even a 1-person shop has data that’s worth stealing for a hacker. Credit card numbers, NINs, tax ID numbers, and email addresses are all valuable. Cybercriminals can sell these on the Dark Web. From there, other criminals use them for identity theft, resulting in significant damage being caused to your employees, clients and ultimately you and your business.
Here are some of the data that hackers will go after:
As we explored in Onyx's article "Securing the Supply Chain", if a hacker can breach the network of a small business, they can often make a larger score. Many smaller companies provide services to larger companies. This can include digital marketing, website management, accounting, and more.
Vendors are often digitally connected to certain client systems. This type of relationship can enable a multi-company breach. While hackers don’t need that connection to hack you, it is a nice bonus. They can get two companies for the work of one.
Ransomware has been one of the fastest-growing cyberattacks of the last decade. So far in 2022, over 71% of surveyed organizations experienced ransomware attacks. This is another area Onyx has written about; see our article "The Threat of a Ransomware Attack is Real".
The number of victims that pay the ransom to attackers has also been increasing. An average of 63% of organisations pay the attackers' ransom in the hope of getting a key to decrypt their data, which may or may not ever come.
Even if a hacker can’t get as much ransom from a small business as they can from a larger organisation, it’s worth it. They often can breach more small companies than they can larger ones.
When you pay the ransom, it feeds the beast and more cyber criminals join in. And those newer to ransomware attacks will often go after smaller, easier-to-breach companies.
Something else that is not usually high on the list of priorities for a small business owner is training employees on the threats of cybercrime. As an employer, you are probably doing all you can just to keep good staff, making sure they are motivated and focused, but are they and their data protected? Priorities are often sales and operations, not security.
Training employees on how to spot phishing and password best practices often isn’t done. This leaves networks vulnerable to one of the biggest dangers, human error.
In most cyberattacks, the hacker needs help from a user. It’s like the vampire needing the unsuspecting victim to invite them inside. Phishing emails are the device used to get that unsuspecting cooperation.
As Onyx explored in our article "Bogus Phishing Emails are on the Rise", a phishing email sitting in an inbox can’t usually do anything. It needs the user to either open a file attachment or click a link that will take them to a malicious site. This then launches the attack.
Training employees on how to spot these ploys can significantly increase your cybersecurity stance. Security awareness training is a key portion of a complete cyber security solution.
If the answer is NO then reach out today to schedule a technology consultation. We offer affordable options for small companies. This includes many ways to keep you protected from cyber threats.
We can start with a quick and easy-to-complete cyber security audit. If you want to see what risks your business faces, please sign up for your cyber security audit here.
Article used with permission from The Technology Press.