Do you feel your more secure because your a small to medium business ? Maybe your thinking you have nothing that a hacker would want ? Why would they even know about your business ?
A new report from a cyber security firm called Barracuda Networks crushes this. Their report analysed millions of emails across thousands of organisations just like yours. It discovered hat the small companies have a lot to worry about when it comes to IT security.
Barracuda Networks found something that is very alarming. Employees at SMB’s saw 350% more social engineering attacks than the larger ones. A small to medium company is one with less than 100 employees. This puts all SMB’s at a higher risk of falling victim to a cyber attack. Below we explore why this is.
Why Are SMB’s Targeted More
There are many reasons why SMB’s are seen as low hanging fruit to hackers and cyber criminals. They are becoming larger targets for hackers as they are out to score a quick illicit buck.
SMB’s Tend to Spend Less on Cybersecurity
Running a SMB is often a juggling act of where o spend your cash. You may know cybersecurity is important, but it is rarely at the top of your list. So by the end of the month, cash runs out and it is moved to next months expenditure.
SMB leaders and Directors do not often spend as much as they should be doing on their IT security. They may buy Antivirus software to think that is enough to cover them. But with the expansion of cloud technology and more services moving to the cloud, that is just a small layer. For adequate security you need multiple layers in place.
Hackers know all this and see the SMB’s as an easy target. It involves much less work to get a pay out than if they targeted an enterprise corporation.
Every Business has something a hacker wants
Every business right from a one person shop, has data that’s worth coring for a hacker. National Insurance numbers, credit card numbers, addresses and email addresses are all of value. Cybercriminals will sell these details on the Dark Web. rom there, other criminals use them to carry out identity theft.
Some of the information collected by hackers are:
- Customer records
- Employee records
- Bank account information
- Emails and Passwords
- Payment card details
An SMB Can Provide Access Into Larger Ones
If a hacker can gain access to the network of an SMB, they can often make a larger score. Many smaller businesses provide services to larger companies. This can include things such as digital marketing, website management, accounting, legal advice and more.
Vendors of software solutions are often digitally connected to certain client systems. This type of relationship can allow for a multi company breach. Whilst hackers and cyber criminals do not need that connection to hack you, it is a nice bonus for them. They can essentially get a two for one deal.
SMB’s Are Often Unprepared for Ransomware
Ransomware as we have all seen int he press has been one of the fastest growing cyber attacks for the last decade. So far in 2022 over 71% of organisations surveyed experienced some form of ransomware attack.
The percentage of SMB’s choosing to pay the ransom has also been increasing. Now an average of 63% of businesses pay the attacker money in the hope of getting a key to decrypt the attack.
Even if a hacker can not demand as much from an SMB as an enterprise organisation, its still worth it. They can often easily breach more smaller organisations far easier and quicker than larger ones.
When a company pays the ransom, it feeds the beast more and more cyber criminals join in. Those new to ransom attacks will often go after smaller easier to breach companies with less security.
Employees Usually Are Not Trained in Cybersecurity at SMB’s
This is another thing that is not normally high on the list of priorities for a small business owner. We are talking about cybersecurity training. They are doing everything they can to keep good staff whose priority’s are often sales and operations.
Training employees on how to spot phishing emails and password best practices often is not done. This leaves computer systems vulnerable to one of the biggest dangers, human error.
In the majority of cyber attacks, the hacker needs help from a member of staff. It is like the vampire needing the unsuspecting victim to invite them inside. Phishing emails are what is used to get that unsuspecting co-operation and be invited inside.
Phishing causes over 80% of data breaches
A phishing email sitting in your inbox won’t normally do anything. It needs the employee to either open an attached file or click a link that will take them to a malicious site. This will then launch the attack.
Teaching employees on how to spot these emails can significantly increase your cybersecurity. Security awareness training is as important as having a strong firewall or antivirus. It should be a constant training not just once every twelve months as hackers are constantly evolving new techniques to fool you.
Need Affordable IT Security Services for your SMB ?
Reach out today to schedule a call with Mat or Steve here. We offer affordable options for SMB’s and have a full range of security solutions to suit your risk and budget. This includes many ways to keep you protected from cyber threats.