As a small business owner, it’s easy to read the seemingly never-ending headlines about cybersecurity breaches at enterprise companies and be lulled into thinking that you aren’t a target. After all, hackers are after the massive storehouses of customer data or proprietary information held by leading companies, right?
While the biggest headline-grabbing hacks involve large companies, cybercriminals don’t discriminate by size. As a matter of fact, 43% of all data breaches involve small and medium-sized businesses. Worse yet? Twenty-eight percent of small businesses have yet to implement any cybersecurity protocol.
The results speak for themselves. Almost two-thirds (61%) of small businesses have experienced a cyberattack during the last year, and these data breaches cost these organizations an average of nearly $3 million per incident. These statistics make it clear that all businesses need a solid cybersecurity strategy. Be it ransomware, DDoS (distributed denial of service), phishing or some other threat, there is no shortage of cyber threats targeted at small businesses.
Small and medium-sized businesses don’t have the deep pockets of enterprise organizations. So why are they such a target for hackers? There are a few key reasons:
Hackers know that even small companies traffic in data that’s easy to offload for a profit on the Dark Web — medical records, credit card information, Social Security numbers, bank account credentials or proprietary business information. Cybercriminals are always trying to come up with new ways to steal this data. They either use it themselves to get into bank accounts and make fraudulent purchases or sell it to other criminals who will use it.
Sometimes cyber hackers are interested only in using a company’s computers and conscripting them into an army of bots to perpetrate massive DDoS attacks. DDoS works by artificially generating enormous amounts of web traffic to disrupt service to a company or group of companies. The hijacked bots help generate the disruptive traffic.
Today’s businesses are digitally connected to complete transactions, manage supply chains and share information. Since larger companies presumably (although not necessarily) are tougher to penetrate, hackers target smaller partners to get into the systems of large companies.
When you think about it, cyber hackers target small businesses, or any other company, primarily for profit. Sure, some attacks are about disruption, as with DDoS, but usually, the motive is to make money. This reality explains why ransomware is such a popular method of attack. It often succeeds, generating revenue for attackers. And as long as an attack method proves lucrative, hackers will keep using it.
Enterprise organizations have entire teams devoted to handling cybersecurity. At many small businesses, those efforts, if undertaken at all, are managed by someone who likely wears many other hats in the business's day-to-day operations. That makes small companies particularly vulnerable to hackers. After all, a cybercriminal only needs to be right once. To stave off a successful attack, you must be right 100 percent of the time.
To achieve peace of mind in the modern threat landscape, small business owners must have a solid security strategy. That kind of preparedness starts with a solid understanding of the current threats:
Often providing a gateway for ransomware or other infections, phishing typically works by goading users into clicking an email attachment or URL containing a virus. Phishing has become increasingly sophisticated, and it can be challenging to spot a fake message as hackers target specific individuals with messages they can’t resist.
Hackers use a wide range of methods to target businesses, ransomware being one of the most common. Ransomware locks up computers and encrypts data, holding it hostage. For owners to regain access to their data, they have to pay ransom to a hacker who then releases a decryption key.
Short for “malware advertising,” malvertising consists of delivering malware to a network after a user clicks on an apparently legitimate ad. Identifying malvertising isn’t easy because of how it’s disguised. Still, some advanced malware detection systems are getting better at it.
Similar to malvertising, this practice involves hiding hyperlinks to compromised webpages in legitimate links. Cybercriminals then ask users to reveal personal data that hackers steal for nefarious purposes.
This dirty trick downloads malware into networks, often without users realizing what is happening. Sometimes users have to respond to a pop-up window for the download to occur, but other times all you have to do is unwittingly visit a compromised website.
Hackers exploit vulnerabilities in popular web platforms such as WordPress, tools such as Java, and file formats such as HTML, PDF and CSV to deliver malware. Falling behind on updates can leave systems particularly vulnerable.
Any organization that neglects cybersecurity is taking a considerable risk. And as businesses grow more and more interconnected, those risks extend to customers, partners, and suppliers.
To ensure peace of mind and protect against costly malware, ransomware, and bots, small businesses need to implement 360-degree cybersecurity measures that include anti-virus programs, firewalls, and network security solutions that proactively protect all devices connected to your network. See how Comcast Business SecurityEdge™ can help protect the Internet-connected devices that employees and guests use every day.