Why Hackers Target Small and Medium Size Businesses
For most of us, there is never any thought given as to whether or not to lock our doors at night. We take this simple step to protect ourselves and our property every day, no matter how slight the risk that someone would walk into our homes to do us harm or steal from us. Too many businesses online, however, leave their doors not only unlocked, but wide open.
Attacks on large companies make the news with some regularity. Hackers attacking large corporations get all the attention because the impact of their actions tends to be extreme, with either millions of dollars stolen, or massive amounts of personal data accessed. But while we tend to discuss cybercrime in relation to these large businesses, it is the smaller and medium-sized businesses that are firmly in the cross-hairs of today’s hackers.
Cybercrime has changed over the years as the hackers themselves have changed. Where hackers once aimed to disrupt businesses and organizations, or even just to make a name for themselves by overcoming progressively more advanced defenses, modern hackers have turned their eye toward making money
At first blush, one might think that massive corporations would remain the target of choice for those seeking financial gain, but the fact is that those companies have the resources to protect themselves and tend to have a greater awareness of online risks. Smaller companies, meanwhile, tend to think of their very size as offering them protection, as though they were beneath the notice of hackers.
In addition to thinking themselves as undesirable targets, smaller businesses may also be unaware of their vulnerability. A recent study by FireEye and Mandiant determined that in a real-world scenario, 96% of hackers bypassed multiple levels of basic security in smaller businesses, suggesting a reliance on outdated countermeasures and a false sense of security.
In fact, according to the United Nations Office on Drugs and Crime, 65% of small and medium-sized businesses have no real cyber security in place and it is this lack of awareness and preparation that makes them excellent targets for not only individual hackers, but sophisticated cybercrime rings as well.
According to figures released by Symantec, more than 50% of all cyber-attacks are directed at small and medium-sized businesses. Government of Canada Key Small Business Statistics estimates that nearly 60,000 such businesses are at risk every day. Other observations:
- During the past 6 years, small and medium-sized businesses have experienced an increase in cyber-attacks, from 18% to 43%
- Over 50% of small and medium-sized businesses encountered cybercrime over the past 12 months
- Nearly 5% of the small to medium-sized businesses are at risk of becoming victims of Ransomware
Small Risk, Big Reward
Hackers have many ways to benefit from the information they steal from a given company. They may choose to sell the stolen files to a third-party, or they may simply hold them for ransom. Cybercrimes against smaller businesses result in an average cost of $217 per stolen record, according to a study by the Ponemon Institute. Meanwhile, a U.N. study shows that only 10% of reported cybercrimes against small and medium-sized businesses result in a conviction.
The result of the high potential for profit and low possibility of conviction has resulted in an environment in which cyber-criminals may now approach cybercrime as a business. Like any business venture, the aim is to make the most profit possible and that means targeting ill-prepared smaller businesses, who have yet to adapt to the threats hackers pose.
Until small and medium-sized businesses recognize the threat that cybercrime poses to them and take the necessary precautions to protect themselves, the hackers will continue to target them.
To help protect your business from hackers, contact Safe Harbour today!