Why Cybercriminals Are Targeting SMBs & What You Can Do About It [UPDATED 2020]

Table of Contents

You scan the business pages and notice that another large company has made the news for being hacked and having sensitive customer information stolen. You may have read about Microsoft’s security hack back in January 2020, when 250 million customer service and support records were breached. Or maybe you saw that in December 2019, a cyberattack on Facebook exposed the personal information of more than 267 million users, including names and phone numbers.

cybercriminals targeting small business But these stories haven’t been enough to alarm you. “Whew,” you think to yourself, “Glad I’m not that big of a fish and don’t have to worry about that.”

Well, not quite.

While it's the big companies that make the news, smaller businesses are also under cyberattack. Especially now that the COVID-19 pandemic has forced an almost universal shift toward alternative workplaces with the majority of offices being closed down, every company and employee is more vulnerable than ever to cybercriminals. 

It may be hard to believe, but SMBs are largely at risk. It’s vital to understand why in order to know what you can do to protect your company. 


Hackers Are Targeting SMBs

Cyberattacks are incredibly damaging, and grow more costly every year. The global average cost of a data breach in the Ponemon Institute’s 2019 study was $3.92 million, a 1.5% increase from their 2018 study. 

Unfortunately, the statistics confirm that the cyber-risks for small businesses continue to escalate. One study found that 40% of cyberattacks are against organizations with fewer than 500 employees, according to The Capacity Group. 

graph on how cybercriminals have shifted focus to SMBs

Matters are made worse by the ongoing global pandemic. As larger businesses have devoted resources to shoring up their cybersecurity defenses, hackers and cybercriminals have shifted their focus to businesses that are less secure. After all, why try to rob Fort Knox when most of the neighbors on your street are leaving their doors and windows unlocked – if not wide open! 

This is one of a few reasons that SMBs are especially vulnerable to cyberattacks.


Why SMBs Are Particularly Vulnerable

The National Institute of Standards and Technology, wrote a publication on SMBs and Cybersecurity. They spoke about how SMBs are considered “soft targets” by cyber criminals, because they usually lack the resources to invest in information security as larger businesses do. This makes them less protected, so they are often picked as ‘low hanging-fruit’ by hackers. 

In The National Cyber Security Alliance’s 2019 survey, only 58% of small businesses surveyed reported having a response plan that can be immediately put into action in the case of a cyberattack. In comparison, 73% of the large businesses surveyed reported having a readily available response plan.

Not only are SMBs usually less prepared to deal with cyber threats, but there is also typically less employees awareness and knowledge regarding online risks. Employees who have not undergone cybersecurity awareness training will find it difficult to identify red flags on the internet and avoid phishing, identity theft, malware, and more.

Another reason is that hacking a smaller business is less likely to draw major attention from the government and the media. As we established, when large, global companies are hacked, the incident usually makes the news. However, hacking an SMB, like a local grocery store chain or a real estate agent, isn’t going to draw national attention, and is less likely to be reported to the police by the business.

SMBs are also sometimes used to get to more high-profile targets. Cybercriminals can use a chain of trust in order to reach larger companies. However, often the intended target is the SMB itself. Small companies can possess valuable data worth a lot of money, or information that can be used to launch further attacks.

massive Target breach in 2013

The shift to remote work means that SMBs are even more susceptible to cyberattacks because the points of entry into your corporate network have greatly increased. Employees are now working from personal devices such as laptops, phones and tablets, all of which function as entry points to your company’s network. In fact, anything that is IP addressable can be a source of entry, including printers and copiers when they are connected to the network. Anywhere your internal IT connects to the wider world is a potential point of penetration.

Moreover, these devices are often not sufficiently protected. In many companies anti-virus and anti-malware software is only installed on hardware within the office, and not on employee’s personal devices. Even if security measures are in place, they are almost always weaker and easier to penetrate in SMBS compared to larger businesses. Factoring in potential gaps in virus protection, and improperly set up security controls for VPNs and wireless networks, the risk is much higher than it was before the outbreak of the Coronavirus.

While there's no guarantee that your particular business will be hacked, it is definitely a possibility. Is that a chance you're willing to take?


Act Now and Protect Your SMB

With the outbreak of the Coronavirus came a surge in cyber threats and online attacks. All businesses are more vulnerable than ever, but SMBs in particular are now being targeted by cybercriminals. Acknowledging this increased risk is the first step towards protecting your company from being the next victim. 

Keep in mind that SMBs are 1) highly likely to be targeted by hackers, 2) typically less aware of cyber risks, and 3) usually less prepared to defend themselves. Now is the time to pay special attention to your cybersecurity systems and policies. Remember that cybercrime is real and dangerous, and the stakes are high. Don't bury your head in the sand on this issue, thinking that the size of your company is a defense. As we’ve demonstrated, it most assuredly is not.

New call-to-action

Categories: Security, Office Hacks, DaaS, Managed Services, cyber security

blogs related to this

Malware and Ransomware Protection for Internet of Things (IoT) Devices

Malware and Ransomware Protection for Internet of Things (IoT) Devices

Malware has been around for quite a few years, and it continues to bring businesses down to their knees. Ransomware, in particular, was a nuisance...

Printer Security Risks and How to Mitigate Them

Printer Security Risks and How to Mitigate Them

Printers may appear to be low-maintenance and relatively safe devices. However, printers are a common attack vector used by cybercriminals to gain...

Managed IT Services vs In-House IT: Which is Right for Your Business?

Managed IT Services vs In-House IT: Which is Right for Your Business?

Information Technology (IT) is the most important pillar in an organization's architecture. The quality of an enterprise's IT ecosystem will largely...

DNS Hijacking: What it is and How to Protect Your Business

DNS Hijacking: What it is and How to Protect Your Business

A Domain Name System (DNS) is essential to all companies that depend on the internet to generate sales—it is a crucial element to the performance and...

Can Your Business Recover Data after a Ransomware Attack?

Can Your Business Recover Data after a Ransomware Attack?

In a highly digitized world, businesses face an increasingly sophisticated range of cybersecurity threats. As such, it's safe to say that ransomware...

What is Threat Intelligence Sharing?

What is Threat Intelligence Sharing?

The world is rife with cybercrime. Enterprises constantly battle an evolving array of threat actors to protect massive digital vaults of sensitive...

Optimizing Your Print Environment with a Professional Print Assessment and Analysis

Optimizing Your Print Environment with a Professional Print Assessment and Analysis

How many pages does your company print each week? What are your current print costs? What's the total cost of ownership? Are your reactive processes...