Small businesses are, in many ways, the lifeblood of our economy, responsible for the creation of 64 percent of all new jobs in the U.S. These economic mainstays also account for 54 percent of all U.S. sales and approximately half of all private-sector payrolls. At the same time, however, these small businesses could be just one unlucky mouse click away from closing their doors if a malicious email attachment or a compromised website results in a data breach.
According to a 2012 study by the National Cyber Security Alliance, 60 percent of small businesses close their doors within six months of a data breach, which can cost a business money, but also reputation. But the Verizon 2013 Data Breach Investigations Report reveals that small and midsize businesses (SMB) are the top targets for cybercriminals, suffering breaches more often than larger firms.
Cyber-criminals have become even more efficient in recent years, with their attacks being precise and incredibly calculated. To get the biggest bang for their buck, the FireEye whitepaper states, cybercriminals target SMB segments to leverage the compromised SMB networks, launching attacks against other targets.
Click through to learn more about the FireEye’s top 5 reasons cybercriminals target the SMB sector.
Reason 1: Your data is more valuable than you think.
All businesses have information that needs to remain confidential — whether it is employee’s personal data or a customer’s credit card numbers. But in addition to having their own data, many SMBs also do businesses with other companies. These ties to their partners’ systems can include integrated supply chains or access to sensitive data and intellectual property of bigger corporations.
“It might not be your data they’re after at all,” the Verizon report states. “If your organization does business with others that fall within the espionage crosshairs, you might make a great pivot point to their environment.
While business owners may see their small business as a little fish in a big pond, the connections to the major targets — the big fish — can put small businesses at risk.
Reason 2: Cyber attacks offer low risk and high returns for criminals.
The Internet has made it possible for cybercriminals to launch attacks from anywhere in the world. Because of this, they are rarely caught or punished for their crimes. In addition, advanced malware can take weeks — even months — to detect.
Small businesses, in general, are not as equipped as larger businesses when it comes to detecting threats and responding proactively. With too much to gain, and almost nothing to lose, attackers have strong incentives to attack SMBs.
Reason No. 3: SMBs are an easier target.
SMBs face the same cyber threats as big businesses, but they only have a fraction of the budget to handle them. In fact, more than 40 percent of small and midsize businesses do not have an adequate IT budget, according to a November 2013 survey by the Ponemon Institute.
Instead of having large IT teams, small businesses typically have an IT director that serves a variety of job functions, but it can be difficult for one person to manage the different responsibilities. Likewise, many SMBs do not have data security policies or procedures to protect themselves on a daily basis.
While SMBs cannot afford to be hit with a cyber attack, their status as easy targets, with little protection and security compared to bigger companies, they become easy targets for cybercriminals.
Reason No. 4: Many SMBs have their guards down.
Small or midsize businesses are more likely to face a cyber attack when compared with large enterprises, but 60 percent of SMBs do not consider cyber attacks as a major threat to their organization and 44 percent do not consider cyber security to be a strong priority.
There is a misconception among the SMB sector that these businesses are not at risk. Despite the increasing number of attacks, 77 percent of SMBs believe their company is safe from attacks, and many others do not believe that their information is not worth stealing.
Many small businesses do not take cyber threats seriously, even though the issue is clearly pertinent to the survival of their company.
Reason No. 5: Most SMB security tools are no match against today’s attacks.
Even if SMBs do have some security defenses in place, they are generally ill equipped to handle the complexities of today’s attacks.
Defenses implemented by small businesses are often effective at stopping known attacks, but are defenseless against advanced or unknown targeted attacks. Most of the current security technologies used by SMBs rely on approaches such as URL blacklists and signatures, but when dynamic or malicious URLs are employed, URL blacklists are ineffective.