Why Do Hackers Target Small Businesses?
In the last few years, American small businesses have seen a sharp increase in cybersecurity threats. It used to be that their relative anonymity, unknown brand and limited financial resources kept small businesses relatively safe from hackers. This is no longer the case, and regardless of the type of enterprise you’re currently running, our post ‘Why Small Business IT Services’ notes how you need to protect your venture’s data with top of the line cybersecurity. If the SMB is a contractor for a larger company, say a Fortune 500 company, then it makes an even more enticing target because it is a less secure entry point. Why? In part, it’s due to a shortage of trained cybersecurity experts coupled with the way SMBs operate; limited budgets and unwitting disregard for security protocols.
Cyberattacks targeting SMBs happen every day because they generally lack the trained personnel and financial resources to properly secure themselves. More often than not SMBs hold valuable data such as customers’ credit card numbers, health information, etc. What’s more, they neglect to use an offsite secure storage solution to back their data, making them especially vulnerable to ransomware attacks. Verizon’s 2018 Data Breach Investigation Report noted that SMBs account for 58% of malware attack victims. Additionally, over 60% of small businesses generally shut down within six months of falling victim to a cyberattack and are left with clean-up bills upwards of $690,000. Limited budgets, outdated security and lax employees leave gaping holes that are easily exploited.
California-based Rokenbok Education, which teaches children how to think like engineers by using building blocks and robotics, was hit with a ransomware Denial of Service attack early in 2016. Hackers encrypted company files and demanded a hefty ransom for its return. Like many SMBs with limited budgets, Rokenbok focused mainly on revenue over protection. The company did not pay the ransom, instead, they reconstructed their key system, and although they lost thousands of dollars, they learned a valuable lesson in cybersecurity and are still in business today. Others, like escrow firm Efficient Services, weren’t so lucky. SMB CEO described how the company was hit with a cyberattack that syphoned $1.5 million to an unknown source in China, in 2012. Only able to retrieve about $400,000 of lost funds, many of its customers who held escrow accounts with the company were left with nothing and Efficient Services was forced to shut down.
Yet, apart from the fact that SMBs are easy prey, for the reasons we mentioned, there is another problem which lies at the heart of the cybersecurity dilemma: a global gap in cybersecurity experts. As a result, universities across the US are scrambling to catch up. EdTech Magazine reported how eight universities in the U.S. are creating cybersecurity training curriculums, as well as other institutions, and teaming up with Facebook to open opportunities for students to learn the latest cybersecurity practices. Other universities and colleges across America are implementing similar programs to try and narrow this gap. A post by Maryville University touches on the global cybersecurity shortage detailing how in 2016 there was already a predicted shortfall of 1.5 million experts. In just three years that figure has nearly doubled. Robert Ackerman Jr., who is the founder and managing director or cybersecurity venture firm AllegisCyber, described that non-profit IT security organization (ISC)2 indicated in their latest report how there is now a global gap of roughly 2.93 million cybersecurity positions waiting to be filled.
The reasons for this are twofold. Firstly, the expansion of the digital marketplace has generated jobs faster than educational institutions can train security professionals. Secondly, due to scale, there just isn’t a quick and efficient way to create skilled security professionals to keep up with the demand. As a result, this crisis currently puts organizations, and particularly SMBs and their customers, at greater risk. To address this problem, not only is there a need to provide more comprehensive hands-on training to current IT professionals but the government, with the help of organizations, need to sponsor more technical labs and courses for secondary education and university programs. Lastly, organizations need to leverage military veterans transitioning to civilian life. Where most have already had exposure to the latest IT tools, more importantly, all have the security mindset trained into them. While these initiatives may take time to implement, the lesson here for SMBs is that they need to protect themselves.