Written By: Tanay Shah
“BREACHED!” “HACKED!” “ATTACKED!”
We generally associated the above terms with large corporations (i.e. Target, Marriott, Equifax, Yahoo) since they hold the majority of media coverage. But, I have some bad news for you: Small & Medium Businesses (SMBs) encounter cyberattacks much more often.
Cisco’s 2018 SMB Cybersecurity Report found that 53% of mid-market companies in 26 countries experienced a breach.
According to the Ponemon Institute’s 2018 State of Cybersecurity in Small & Medium Size Businesses survey, cyber attacks on SMBs have increased from 61% in 2017 to 67% in 2018.
In Verizon’s 2018 Data Breach Investigations Report, it was recorded that 58% of all cyberattacks target small businesses.
Reasons Why SMBs Are Targeted:
They are part of the economic value chain
Hackers have found an indirect path to hack/breach the most robust of defense systems found in large corporations; through SMBs. It’s not abnormal for SMBs to provide their products/services to larger organizations, hence forming the lower segment of the economic value chain. Because of this architecture, attackers now view SMBs as an easily compromisable weak link that allows them to easily penetrate the networks of large corps.
Budgetary constraints and lack of seriousness regarding cybersecurity
Hackers are aware of the complacent nature of small businesses when it comes to cybersecurity. They understand that small businesses invest little-to-no money on improving their cybersecurity situation. Ultimately, it gives an easy opportunity for attackers to exploit.
Flexibility of working
Today, an increasing number of smaller companies have been adopting policies that allow employees to use their own devices in the office, and work from remote locations. When an employee accesses his/her computer on public WiFi, they simultaneously place company data at risk. Mobile devices, in particular, are breaking down security walls, as they provide a new gateway for hackers.
More likely to pay a ransom
According to the Ponemon Institute, the average cost for small businesses to recuperate after being hacked is about $690,000 and, for middle-market companies, it hovers over $1 million. These costs represent a huge financial burden for SMBs. In fact, according to the U.S. National Cyber Security Alliance, 60% of small companies are unable to sustain their business for more than six months following a cyberattack. This makes SMBs a lucrative attack target as they are much more likely to pay a ransom in order to protect their business.