You might think that you are less likely to be targeted because you have a smaller business. Hackers would target the big corporations right? Wrong. A report by cybersecurity firm Barracuda networks debunks this. Their report analysed millions of emails across thousands of organisations and found that small companies actually have a lot to worry about.
According to Barracuda Networks, employees at small companies saw 350% more social engineering attacks than those at larger ones. It defines a small company as one with less than 100 employees. This puts small businesses at a higher risk of falling victim to an attack.
Why are Smaller Companies Targeted More?
There are a few reasons why hackers see small businesses as low-hanging fruit.
Small Companies Tend to Spend Less on Cybersecurity
When you are running a small business, it is often a juggling act of where to prioritise your cash. You may know that cyber security is important, but it may not be at the top of your list, So, at the end of the month, cash runs out and it postponed. Small business leaders often don’t spend as much as they should on their IT security. They may buy an antivirus programme and think that will keep them protected, but with the expansion of technology to the cloud, that is just one small part of a much bigger cyber security programme.
Hackers know this and see small businesses as an easier target. They can do much less work to get a payout than they would trying to hack into an enterprise corporation.
Every Business has “Hack-Worthy” Resources
Every business, even a 1-person shop has data that is worth scoring for a hacker. Credit card numbers, SSNs, tax ID numbers and email addresses are all valuable. Cybercriminals can sell these on the Dark Web. From there, other criminals use them for identity theft.
Here are some of the data that hackers will go after:
- Customer Records
- Employee Records
- Bank Account Information
- Emails and Passwords
- Payment Card Details
Small Businesses Can Provide Entry Into Larger Ones
If a hacker can breach the network of a small business, they can often make a larger score. Many smaller companies provide services to larger companies. This can include digital marketing, website management, accounting and more. Vendors are often digitally connected to certain client systems. This type of relationship can enable a multi-company breach. While hackers don’t need that connection to hack you, it is a nice bonus.
Small Business Owners are Often Unprepared for Ransomware
Ransomware has been one of the fastest-growing cyber attacks of the last decade. So far in 2022, over 71% of surveyed organisations experienced ransomware attacks. The percentage of victims that pay the ransom to attackers has also been increasing. Now, an average of 63% of companies pay the attacker money in hopes of getting a key to decrypt the ransomware. Even if a hacker can’t get as much ransom from a small business as they can from a larger organisation, it is worth it. They often can breach more small companies than they can larger ones.
When companies pay the ransom, it feeds the beast and more cyber criminals join in. Those newer to ransomware attacks will often go after smaller, easier to breach companies.
Employees at Smaller Companies Usually Aren’t Trained in Cybersecurity
Another thing that is not usually high on the list of priorities is training. Ongoing employee cyber security training is incredibly important. Employees should be trained on how to spot phishing emails, password best practices and what to do should you be hacked. If this isn’t done it leaves networks vulnerable. Phishing causes over 80% of data breaches, a phishing email sitting in an inbox can’t do anything, it needs the user to open a file or click a link. This is why your employees need to be trained to spot them.
If you want to up your cybersecurity game, get training or just have some questions, we would love to help. Get in touch today!
Here is the link to the Barracuda Networks Report
Here is another article if you enjoyed this one!