New research has revealed that the prime target for hackers is small-to-medium businesses (SMBs). This trend has shifted considerably from the past, where larger corporations faced the most significant threat due to their potential value. However, a 2017 report by SMB Group highlighted that the risk has now shot above 70% for companies in this demographic.
The reasons for this are multiple. Although SMBs offer lower potential financial gain, their set-up and operations generally make them less secure. Business owners often choose tools based on convenience and cost; they're so busy that security quickly becomes an afterthought.
Limited Cybersecurity Knowledge
According to TechRepublic, only 38% of CEOs and 23% of board members are highly engaged in cybersecurity. This statistic gives a harrowing outlook on how well SMBs are protected. Without knowing the risks at hand, leaders are poorly placed to create a robust security strategy.
Some SMBs have a dedicated cybersecurity employee. However, without a strong narrative between founder and employees, there are bound to be holes in the defenses.
As more and more hackers become aware of this knowledge deficit, it's easy for them to find and exploit issues that commonly arise. Although the prize purse is greater from large corporations, the chance of success is considerably lower, which makes attacking them less financially viable than attacking SMBs.
Third-Party Management Systems
Another main flaw in cybersecurity for SMBs is the use of third-party apps. Almost every industry has tech-forward developers who are working tirelessly to automate operations for small companies. These management systems pop up everywhere: from Housecall Pro for maid services to Evernote for organizing sole traders.
This type of software is developed with convenience in mind. It aims to streamline production and coordinate projects and schedules. What it doesn't do is prioritize security.
For small businesses that rely on third-party software, much of the company's safety has been forfeited. It's the business management equivalent of putting all your eggs in one basket, as CEOs have to rely on the app's developers to protect sensitive data.
A large number of SMB operations are untested, new ideas. As CEOs attempt to innovate, they interact with technology to try new systems and career moves. As most hackers know, anything new and untested is usually awash with security holes to be exploited.
For example, when Microsoft was hit by the Shadow Brokers hack in April 2017, it was because of vulnerabilities in the original iteration of their operating systems. The hole had already been patched in March. Unfortunately, many businesses had not applied the vital update that would have protected their data.
If these companies had tested their security protocols, rather than relying on Microsoft, then they could have avoided disaster and protected their data.
Understanding why hacks happen includes considering what gain is on offer. While SMBs don't boast the resources of larger companies, they still store endless data that could be of use. Cybercriminals often have financial gain as their primary goal, and SMBs hold limitless potential for this aim.
Profitable information stored by SMBs includes:
- Customers' Identities
- Addresses & Phone Numbers
- Bank Details
- Trade Secrets
- Staff Information
In today's world, you only need basic details to pursue identity theft. With personal information and bank numbers, you can freely access a stranger's accounts and make withdrawals. With even less, just a name and address, you can apply for fraudulent loans or make online purchases.
Spearphishing attacks are targeted hacks focused on gaining specific information. They are extremely common, accounting for 91% of attacks that go after confidential data. Unsurprisingly, spearphishing has been catastrophic for small businesses.
The combination of amateur security protocols and a cache of attractive data makes SMBs the ideal target. The attacks work by gathering useful information on the chosen target. Data like names, friends, pets, schools, etc. can help an attacker work out a person's password and security-question answers, which can subsequently give access to their accounts. Alternatively, hackers can use a backdoor method by tricking the target into clicking an infected link or message.