Cyberattacks on big corporations flood the headlines, but small and medium businesses are big targets too. One in every five small businesses falls victim to a cyberattack and, of those, 60% go out of business within 6 months. This is a serious problem, because cyberattacks can range from the mildly annoying to the deeply destructive. Even the simplest can be costly and time-consuming. From phishing scams to data breaches, the average attack costs a business $9,000, says the National Small Business Association.
Small and medium-sized enterprises (SMEs) have become the honeycomb or soft targets for malicious cyber actors who are always in search of valuable corporate assets to pilfer.
It is established that cyberattacks happen often against big businesses, but a cyberattack on a smaller business is not likely to get the same level of publicity as when a multinational corporation is hacked. However, there are still many successful attacks against small firms every day.
The data held by small and medium-sized enterprises (SMEs) is becoming ever more valuable to cybercriminals, who now use different and evolving ways, including ransomware attacks, to extract money. With ransomware, a kind of malware, the SME's files on a computer are encrypted and a demand for money is made before the files can be unlocked. According to Advisen, an insurance research provider, up to 36% of the SME victims of ransomware attacks loss victims but there will be an increase in this form of attack.
Increasingly, the average SME has moved from adopting mainly simple siloed solutions to implementing more interconnected systems. Because of solutions including bring your own device (BYOD), off-site working and the cloud, small businesses have never been more connected to their clients and therefore more open to threats.
Furthermore, criminal minds are also exploiting the central role of SMEs in the wider economy and abusing their online weaknesses to gain access to bigger targets. Many small and medium businesses are connected virtually to the IT systems of larger business partners, and these are the eventual targets of the cybercriminals.
Although external cyberattacks are deemed by SMEs to be the most pressing threats in need of protection, more and more fraudulent cyber activity originates from within an organization. An example is a disgruntled staff member who seeks retribution by damaging the company's cyber assets or holding them to ransom. Another devastating effect on the company is the theft of its intellectual property, made possible by the key-person dependencies that are normal in SMEs.
However, the migration towards more interconnectivity among businesses of all sizes can only be expected to provide fresh avenues for dishonest employees to exploit cybersecurity weaknesses. Human error is also an aspect of internal threats and has resulted in a large number of cyber breaches. Such incidents occur only when the proper protocols for identity management and monitoring are ignored. Social engineering is also a method that online criminals use to take advantage of this weak link in security by tricking employees into handing over sensitive information. The hackers often pretend to be a supplier or client and e-mail over what appears to be an invoice, but the attachment contains malware. Surprisingly, these techniques are effective because all it takes is a single employee to click on a link and the entire system is compromised.
Hackers easily exploit human vulnerabilities, which makes them a source of major concern to SMEs. Employees of these small and medium businesses must be conversant with the methods used by cyber thieves. It is therefore important to educate staff in the best cybersecurity practices.
Many companies find it difficult to maintain the appropriate balance between acquiring protection from malicious attacks and creating unwarranted restrictions on employee device usage.
There are a few things that small businesses can do (and in reality, should already be doing) in order to reduce risk.
Invest in cybersecurity
This is a key step because most SMEs are increasingly embracing the benefits of cloud technology but are still reluctant to adopt security measures, with many not even having the most basic ones in place.
Training & Awareness
Humans are, unfortunately, the weakest link in any business’s cybersecurity defense, and so taking the simple step of training your employees can help to significantly mitigate risk. Training on how to recognize phishing emails, the risks of ‘bring-your-own-device’ (BYOD), and how to securely share and dispose of data are key in eliminating costly mistakes.
Small and medium enterprises must stay proactive about protecting their digital presence, remain informed and try to understand the threat landscape of today’s digital ecosystem. Business owners do not need to become cybersecurity experts; they essentially just have to keep up to date, which makes them more aware of their vulnerabilities. A lack of information about cyber risks can be dangerous because it hurts the ability of the business to mitigate and recover from attacks. Staying informed, by contrast, enables planning, so that different scenarios can be considered in the event of a breach.