After analyzing over 53,000 cybersecurity incidents, Verizon’s 2018 Data Breach Investigations Report revealed that 58% of all malware victims were small businesses. Although there was a time when hackers preferred one-off attacks against big-fish targets, new types of malware have made it easy to automate small-scale attacks against thousands of victims.
In short, the cost of hacking has sunk so low that virtually every business has become a worthwhile victim. So if you question why anyone would want to breach your company’s network security, there are a few things you need to keep in mind.
Most SMBs make easy targets
The majority of small businesses have only one or two technicians on hand to support several IT systems, which means that even if cybersecurity is a priority, there simply aren’t enough resources to protect everything. Few SMBs can handle 24/7 network monitoring and multi-layered cybersecurity in-house, but large enterprises rarely have this problem. Why would any hackers go after companies they know have stronger defenses?
SMB employees are ill-prepared
IT staff aren’t the only people with too much on their plates. SMB employees often perform a wider variety of tasks than their enterprise counterparts, which means they have less time for cybersecurity training.
Learning and practicing basic IT best practices is essential for employees at businesses of all sizes. If a hacker knows that one potential target has held a companywide training on recognizing email scams, and another hasn’t -- which company do you think the hacker will focus on?
Many SMBs have privileged access to enterprises
Sometimes hackers target a small business solely because they’re looking for a backdoor into a larger organization. For example, the infamous attack that stole 40 million credit card numbers from Target’s database was possible because one of its HVAC contractors had been hacked. This means SMBs that provide products and services to other businesses often face even higher risks than those that sell directly to consumers.
Attacks against SMBs are rarely investigated
After any cyberattack, even a successful one, hackers worry about getting caught. Big companies can afford to track down perpetrators because they usually have in-house legal teams and resources for IT forensics. But considering that the average SMB pays $117,000 to recover from a breach, a cybersecurity investigation and lawsuit is rarely an option.
With understaffed IT departments, untrained employees, and privileged access to other company databases, small businesses make for great targets...with far more valuable data than they realize.
What is SMB data worth?
Obviously, small businesses that store credit card numbers and other payment details are the best victims. However, private personal information is also in high demand because of how easy it is to sell to anonymous bidders.
Hackers hawk the spoils of their efforts on the “Dark Web,” a digital black market where one individual’s name, social security number, and birth date bundled together goes for around 50 bucks. Even an attack on an SMB with as few as 10 people on the payroll would have at least $500 worth of employee records.
How to protect your business
If you can’t afford an in-house cybersecurity specialist, a managed IT services provider (MSP) is the next best option. MSPs send a team of experts to assess your business’s needs, train your employees, install a host of preventative IT solutions, and then monitor them remotely. As soon as something suspicious pops up on the radar, the MSP begins investigating.
Those services are all you need to stay safe, and they come in one flat-fee package.
NetQuest has thrived over the past 23 years by providing SMBs in the Baltimore area with reliable, valuable, and friendly IT support. If you want to see what we can do for you, sign up for a free assessment today.