61% of Cyberattacks Occur at Small Businesses & Tips to Help Protect You
Neal Bridges
Hacker || CISO || Content Creator & Event Speaker (bookings available) || TV & Media SME (see portfolio) || “All warfare is based on deception” || Need cyber advice? Lets chat!! topmate.io/neal_bridges
Even though cyberattacks seem to be showing no sign of slowing down, the majority of small business owners seem unfazed about the threat they pose, and the possibility that they might one day be the victim of a cybersecurity breach themselves.
In a recent Insureon (insurance company) survey of 2,400 business owners on the topic of small business cybersecurity, you can see how stark that sentiment is. The survey highlighted:
- 73% of small business owners don't think they have customer data that would be susceptible to a cyberattack.
- 73% have cybersecurity protocols in place to protect against breaches.
- 76% think their business could survive a cyberbreach.
- 64% manage their own IT needs.
The reality of this is very much the opposite. For those who are not aware, Verizon puts out its yearly Data Breach Investigations Report, which seeks to drive awareness to the frequency and types of cyberattacks it sees across it service lines, and customers. In that annual report, it highlights that 43% target small businesses.
When you break down these attacks by the numbers, you can see some very interesting facts:
- 69% of the attacks proved to be the work of outsiders.
- 52% of the breaches resulted from hacking, 33% from social engineering attacks (phishing, etc), and 28% caused by malware.
Verizon highlights explicitly that no business is too small or too large to fall victim to a data breach. Additionally no industry is immune to attack. Basically NO ONE is off limits to cyberattacks.
Targeting of small businesses aside, there are still very material damages that can be imposed on small businesses as a result of a data breach or hack - regardless of how big you are.
- Loss or Damage to Electronic Data. An attack can damage electronic data stored on your computers. For example, a virus renders your sales records useless. Recreating them is a time-consuming process that involves sifting through old invoices.
- Extra Expenses. You may incur extra expenses to keep your business operating. For instance, a hacker damages two computers, forcing you to rent two laptops so you can keep your business running until your computers are repaired.
- Loss of Income. You may suffer a loss of income. For instance, a denial of service attack forces you to shut down your business for two days. The two-day closure causes you to lose both income and customers.
- Network Security and Privacy Lawsuits. If a cyber thief steals data from your computer system and the data belongs to another party(such as a customer), that party may sue your firm. For example, a hacker steals information about a customer's upcoming merger. The merger falls through due to the data theft. The customer sues you for failure to protect its data, alleging that your negligence caused the company to incur a financial loss.
- Extortion Losses. A hacker steals sensitive data (yours or someone else's) and then threatens to post it on the Internet unless you pay a $50,000 ransom. Alternatively, you accidentally download ransomeware that encrypts your data, rendering it unusable. The perpetrator demands a ransom payment in exchange for an electronic key that allows you to "unlock" the encrypted files.
- Notification Costs. Most states have passed laws requiring you to notify anyone whose data was breached while in your possession. You may also be required to tell the victims what steps you are taking to remedy the situation.
- Damage to Your Reputation. A cyberattack can seriously damage your company’s reputation. Potential customers may avoid doing business with you, believing you are careless, your internal controls are weak or that an association with you will damage their reputation.
We need more of our community to help spread awareness that small businesses are not immune to cyberattacks. Sometimes we get so focused on the Fortune companies that we ignore the hard working small business owners who will often times be victims of cyber attacks and find no support within the law enforcement system to help recover from such a crime.
I have included links to resources from the Small Business Administration and the Federal Communications Commission that specifically speak to how small businesses can protect themselves from cyber attacks. I will personally make myself available to discuss strategies, best practices, and recommendations for anyone who needs help securing their business.
References:
2019 Verizon Data Breach Report
Small Business Administration Cybersecurity Tips
Federal Communications Commission Cybersecurity Tips
Helping companies implement socially responsible and environmentally sustainable programs
5 年Sadly this post is not being seen by the SMB's as few of them use Linkedin. If anyone has the secret to reaching the SMB effectively on this subject, I'd love to have you share them.??
Bank Executive CIO & Educator - Specializing in Tech/Cybercrime
5 年We created DETSEC.org to help our rural IT professionals get to know each other and collaborate on InfoSec. Over 150 members now.
Navy Veteran, Strategic Adviser, Speaker, Entrepreneur, Envoy
5 年Great post for SMB's to consider
Cybersecurity Consultant @ Nuformat Inc. | Managed Detection and Response | 24/7 MDR services | Helping your business reduce risk from cyber threats and attacks
5 年Quick questions to ask a SMB before bring them on as a partner; 1. How does the SMB protect customer private data? 2. Does it have continuous cybersecurity monitoring? 3. Does the SMB undergo regular cybersecurity assessments? 4. Does the SMB perform cybersecurity awareness training on regular basis for its employees?
Open to Engage - Lets Discuss! Bridging the Business 2 Technology Divide: Entrepreneur, Public Speaker, ROI Driven Results
5 年Making matters worse, even if criminals are not attempting to walk up the ladder from smaller companies to larger partners, they embed abilities to use smaller companies resources as outposts to operate from.