Why Cybercriminals Are Targeting SMBs & What You Can Do About It [UPDATED 2020]

You scan the business pages and notice that another large company has made the news for being hacked and having sensitive customer information stolen. You may have read about Microsoft’s security hack back in January 2020, when 250 million customer service and support records were breached. Or maybe you saw that in December 2019, a cyberattack on Facebook exposed the personal information of more than 267 million users, including names and phone numbers.

But these stories haven’t been enough to alarm you. “Whew,” you think to yourself, “Glad I’m not that big of a fish and don’t have to worry about that.”

Well, not quite.

While it's the big companies that make the news, smaller businesses are also under cyberattack. Especially now that the COVID-19 pandemic has forced an almost universal shift toward alternative workplaces with the majority of offices being closed down, every company and employee is more vulnerable than ever to cybercriminals. 

It may be hard to believe, but SMBs are largely at risk. It’s vital to understand why in order to know what you can do to protect your company. 


Hackers Are Targeting SMBs

Cyberattacks are incredibly damaging, and grow more costly every year. The global average cost of a data breach in the Ponemon Institute’s 2019 study was $3.92 million, a 1.5% increase from their 2018 study. 

Unfortunately, the statistics confirm that the cyber-risks for small businesses continue to escalate. One study found that 40% of cyberattacks are against organizations with fewer than 500 employees, according to The Capacity Group. 

[Figure: graph on how cybercriminals have shifted focus to SMBs]

Matters are made worse by the ongoing global pandemic. As larger businesses have devoted resources to shoring up their cybersecurity defenses, hackers and cybercriminals have shifted their focus to businesses that are less secure. After all, why try to rob Fort Knox when most of the neighbors on your street are leaving their doors and windows unlocked – if not wide open! 

This is one of a few reasons that SMBs are especially vulnerable to cyberattacks.


Why SMBs Are Particularly Vulnerable

The National Institute of Standards and Technology wrote a publication on SMBs and cybersecurity. It describes how SMBs are considered “soft targets” by cybercriminals because they usually lack the resources to invest in information security as larger businesses do. This makes them less protected, so they are often picked as “low-hanging fruit” by hackers.

In The National Cyber Security Alliance’s 2019 survey, only 58% of small businesses surveyed reported having a response plan that can be immediately put into action in the case of a cyberattack. In comparison, 73% of the large businesses surveyed reported having a readily available response plan.

Not only are SMBs usually less prepared to deal with cyber threats, but there is also typically less employee awareness and knowledge regarding online risks. Employees who have not undergone cybersecurity awareness training will find it difficult to identify red flags on the internet and avoid phishing, identity theft, malware, and more.

Another reason is that hacking a smaller business is less likely to draw major attention from the government and the media. As we established, when large, global companies are hacked, the incident usually makes the news. However, hacking an SMB, like a local grocery store chain or a real estate agent, isn’t going to draw national attention, and is less likely to be reported to the police by the business.

SMBs are also sometimes used to get to more high-profile targets. Cybercriminals can use a chain of trust in order to reach larger companies. However, often the intended target is the SMB itself. Small companies can possess valuable data worth a lot of money, or information that can be used to launch further attacks.

[Image: massive Target breach in 2013]

The shift to remote work means that SMBs are even more susceptible to cyberattacks because the points of entry into your corporate network have greatly increased. Employees are now working from personal devices such as laptops, phones and tablets, all of which function as entry points to your company’s network. In fact, anything that is IP addressable can be a source of entry, including printers and copiers when they are connected to the network. Anywhere your internal IT connects to the wider world is a potential point of penetration.

Moreover, these devices are often not sufficiently protected. In many companies, anti-virus and anti-malware software is only installed on hardware within the office, and not on employees’ personal devices. Even if security measures are in place, they are almost always weaker and easier to penetrate in SMBs compared to larger businesses. Factoring in potential gaps in virus protection, and improperly set up security controls for VPNs and wireless networks, the risk is much higher than it was before the outbreak of the Coronavirus.

While there's no guarantee that your particular business will be hacked, it is definitely a possibility. Is that a chance you're willing to take?


Act Now and Protect Your SMB

With the outbreak of the Coronavirus came a surge in cyber threats and online attacks. All businesses are more vulnerable than ever, but SMBs in particular are now being targeted by cybercriminals. Acknowledging this increased risk is the first step towards protecting your company from being the next victim. 

Keep in mind that SMBs are 1) highly likely to be targeted by hackers, 2) typically less aware of cyber risks, and 3) usually less prepared to defend themselves. Now is the time to pay special attention to your cybersecurity systems and policies. Remember that cybercrime is real and dangerous, and the stakes are high. Don't bury your head in the sand on this issue, thinking that the size of your company is a defense. As we’ve demonstrated, it most assuredly is not.
