Is cybersecurity for SMBs a major concern?
Fortune reported that the world saw a 105% surge in ransomware attacks in 2021 alone.
With more and more businesses either moving online or utilizing the internet more heavily, there are more risks to businesses and their customers than ever.
Cybercrime Magazine reports that global cybercrime costs are expected to grow by 15% year over year, reaching $10.5 trillion by 2025, up from $3 trillion in 2015.
SME cybersecurity can no longer be ignored. Here’s why.
Data Breaches & Compromise
The news often reports and focuses on data breaches impacting major companies like Facebook, Amazon, and Google. But this doesn’t mean it’s any less of a concern for SME cybersecurity.
IBM found that the average cost of a data breach for SMBs with less than 500 employees was $2.98 million.
Here are just some of the possible ramifications of data breaches:
● The compromising of sensitive client data can result in fines, damages, and insurance claims
● A widespread breach can result in brand and reputation losses
● These and other factors can impact revenue negatively
Implementing sophisticated security solutions AppTrana for example is the primary way to address data breaches and cybersecurity for SMBs. If your infrastructures are insufficient, now would be a good time to address these concerns.
Business Email Compromise
Email is utilized heavily by most companies for internal and external – business and personal – communication alike. Cybercriminals know this tendency well and are liable to exploit this fact.
Business Email Compromise (BEC) is also known as Email Account Compromise (EAC), and the tactic utilizes legitimate-looking email messages from credible-looking sources, making them harder to spot.
Whether it’s a vendor sending an invoice from an updated email address, or an executive asking her assistant to purchase employee gift cards, BEC involves creating perfectly plausible-sounding scenarios to exploit the end-user and steal resources from the business.
The cost of a BEC attack is exceedingly high. Digital Guardian showed that the average cost of a wire transfer from a BEC attack rose from $54,000 in the first quarter of 2020 to $80,183 in the second quarter alone.
While there are many areas to address in cyber security for small businesses, BEC is a growing concern and expensive to resolve.
Payroll Diversion Phishing Scams
Payroll diversion scams could be considered a subset of business email compromise attacks since they typically utilize seemingly legitimate-looking emails. Ultimately, though, it’s a form of phishing.
Attackers will craft urgent-sounding email messages requesting changes to employee bank account information and sufficient data to impersonate said employee(s).
If the email subject line includes the keyword “urgent,” it may be a dead giveaway. But unless your entire organization is educated on cybersecurity threats for small businesses, it is too easy to fall for payroll diversion scams.
Comprehensive cybersecurity solutions for SMBs should include a rigorous training program.
While it’s easy to think ransomware attacks would not apply to your company, Metallic reports that 46% of SMBs have been victims of ransomware attacks. MSSP Alert has shown that 10% of victims end up paying the ransom demand.
Paying the ransom, however, isn’t a reliable long-term solution because:
- It encourages cybercriminals to continue taking money from other businesses
- Many companies who paid a high price to secure their data still weren’t able to retrieve it
- Companies often end up losing data, money, reputation, and revenues
Why do Cyber Hackers go After Small Businesses?
This might seem like a mystery to SMEs, given that bigger companies typically have more resources to exploit. So, wouldn’t it make sense for cybercriminals to go after larger organizations instead of messing with smaller companies?
The truth is that small businesses typically do not have the same cybersecurity infrastructures that a larger company does. Big businesses often have more resources at their disposal, better IT talent, and more sophisticated software and approaches to mitigating incidents.
It stands to reason that you would be a better target for a hacker if you are more vulnerable to their attacks, even if you don’t have the resources a larger company might have. In some cases, hackers may only need to work half as hard to achieve the same degree of theft.
Even if you can’t afford what larger businesses can afford, SMBs would do well to invest in software, employee training, and a legal professional.
How is your company handling cybersecurity for SMBs? What is your overall strategy? Are you investing in security software? Are you educating your team on best practices and cyber security threats for small businesses? It’s easy to think it will never happen to you, but with internet usage increasing and hackers targeting more SMEs than ever, you can’t afford to be lackadaisical. While it might seem tedious and costly, protecting against possible threats ensures the longevity and success of your business.