Small and midsize businesses may have smaller databases and less information to steal, but they are disproportionately impacted by cyber crime. Why? Criminals notoriously take the path of least resistance, and smaller businesses are typically less fortified against cyber attacks.
In fact, according to CPO Magazine, 50% of all cyberattacks are directed at small businesses, which are vulnerable because they invest less than $500 in cybersecurity, on average. Entrepreneur magazine reports that 71% of cyberattacks occur at businesses with fewer than 100 employees. According to the Verizon 2019 Data Breach Investigations Report, breaches against small businesses account for 43% of cyberattacks.
The best hope for a trend reversal is for more postgraduate programs like the University of Texas at Tyler's online MBA with a Concentration in Cyber Security to produce more professionals ready to bridge the space between executives and technologists, including many who are committed to helping small businesses. The army of well-trained heroes must outgrow and outflank the army of equally well-trained villains.
How Cyber Criminals Attack
There are several vulnerabilities that criminals seek to exploit in various avenues, including applications, networks and data. These are some of the most common forms of threats to smaller businesses:
Phishing Attacks – Emails and text messages, disguised in order to obtain sensitive information like passwords, social security numbers and credit card numbers. As much as 90% of all data breaches arise from phishing.
Malware – Malicious software including spyware, Trojan horses, viruses and keyloggers.
Water-holing – A malware attack in which the perpetrator observes the websites visited by a group and infects those sites with malware, thereby infecting the business.
Ransomware – A specific type of malware that locks and encrypts data, making systems unavailable until a ransom is paid to the hackers.
Insider Threats – A former employee sabotages business operations by accessing or sharing access to sensitive information.
Social Engineering – A more sophisticated type of threat involving manipulation of employees to provide confidential information, which may take place over the phone or online. This often happens in conjunction with phishing attacks.
Advanced Persistent Threat – When a hacker penetrates a system, undetected, and remains there for an extended period of time to extort money or data or do other damage.
Cyber Espionage – Cyber actors target small business websites, taking them down or defacing them, to gain media coverage and rally support for their causes.
Internet of Things (IoT) Leaks – Internet-connected devices, not properly secured, present alternate doorways to networks and data. This is a growing concern as IoT devices are proliferating in organizations of all sizes.
Repercussions of Cyber Attacks
Not only are small businesses less immune to cybercrime, but they are also less resilient when attacked. Permanent and severe financial damages can occur, with little to no recourse. On average, small businesses pay about $690,000 in cleanup after a hack, and middle market companies could pay up to $1 million, according to Entrepreneur.
Ransomware and other attacks can also freeze business operations, putting employees' livelihoods at stake. They can also cause unanticipated and recurring problems down the road with computer networks, applications, hardware and software.
Reputational damage can also occur, and recovering from such incidents can be difficult to impossible. A breach can weaken smaller brands to the point that lenders and partners will not work with them, causing them to lose customers.
How Small Businesses Fight Back
Small businesses must collectively or individually hire their own security forces, trained in cyber security best practices. These people must be prepared to then establish and enforce policies, and train and monitor employees to ensure compliance.
With well-trained security personnel in place, businesses must develop comprehensive cyber security strategies that account for internet firewalls, software security updates, mobile devices, IoT devices, physical and remote access to computers and drives, Wi-Fi networks, passwords and authentications and data backup strategies. Planning ahead puts assigned personnel in charge of pre-determined courses of action when a company faces ransomware or malware attacks. With proper training and education, small businesses can fight back and win against a growing army of cybercriminals.
Learn more about the University of Texas at Tyler’s MBA with a Concentration in Cyber Security online program.
Have a question or concern about this article? Please contact us.