Large companies attract most of the media attention when it comes to cybercrime and hacking. It’s easy to see why. They are typically big names and losses can amount to millions of customers’ records, payment card details and email addresses/passwords.
But a large proportion of cybercrime actually targets small businesses. Depending on which survey or analyst house you look at, the figures can fluctuate but it’s safe to say around 50 per cent of the attacks go for the small business jugular.
The US Poneman Institute recently surveyed 592 small and medium sized companies. It found that 76 per cent had experienced a cyberattack in the previous 12 months. This was up from 70 per cent in a 2018 survey and 63 per cent in a 2017 survey.
Why are attackers targeting small businesses?
The high price of an attack
- They are an enticing target for hackers with average skills. Large corporations are constantly improving their internet security systems making it difficult to hack other than by highly skilled attackers.
- Smaller companies have less data to steal but if successfully hacked they can provide a tunnel into the networks of larger companies they work with.
- As phishing targets, small businesses are much more vulnerable than their larger counterparts who will have as a first line of defence sophisticated and complex firewalls, intrusion detection systems and sandboxes and all overseen by 24/7 network monitoring.
A successful cyberattack against a small business can be crippling. The following examples are from the US but they could easily be from any country:
Common attack vectors
- A car dealership lost $23,000 when hackers broke into its network and stole bank account details. Nine fake employees were added to the company payroll and a total of $63,000 was paid out before the company caught on. Only some of the transfers could be cancelled in time.
- A real estate development firm had $1 million drained from its bank account after attackers gained access to a company e-mail account. This allowed the thieves to impersonate the owner and convince the accountant to wire money to an account in China.
- A construction company lost $588,000 in a Trojan horse malware cyber-heist. The company managed to reclaim some of it but this was offset by interest on thousands of dollars in overdraft loans that it had to take out following the hack.
Protection for small businesses
- The most common attacks against small businesses are phishing and social engineering scams, according to the Ponemon Institute.
- These attacks target unsuspecting computer, smartphone, and tablet users with realistic-looking emails. If a user clicks on a link or attachment in the email, malicious software is downloaded onto the device.
- That said ransomware, other types of malware, and spam are also an ever present threat.
Some fundamental steps can be taken such as removing software you don’t need that is linked to your bank account. It also makes sense to require two people to sign off on every transaction.
That said, the best thing is to ensure no one gets into your network in the first place. Some small businesses contract a third-party vendor to look after cybersecurity. But this can be expensive.
BullGuard, however, has released BullGuard Small Office Security
designed exclusively for small businesses. It protects up to 50 devices, Windows, Android, and macOS.
Management is via a cloud portal. And it’s incredibly simple. An appointed administrator can carry out a series of remote commands, scan and block infected devices, apply updates, check device security and more.
And of course, protection is top-notch thanks to BullGuard’s award-winning, triple-layered, machine learning antimalware engine.
Find out more here.