Small business owners rarely have as much time as they would like, so they must prioritize what they focus on. Given that 56 percent of America’s small business owners are not concerned about being the victim of a hack, it’s hardly a surprise that cybersecurity is frequently put on the back burner.
That’s a huge mistake because a 2021 study by IBM revealed that 52 percent of small businesses had experienced a cyberattack in the previous year, and 10 percent had experienced more than 10 cyberattacks. The same study also revealed that organizations with fewer than 500 employees had an average data breach cost of $2.98 million per incident in 2021.
These alarming findings are reflected in 2021 data breaches, many of which directly or indirectly involved small businesses. Let’s take a closer look at some of them to illustrate why even small businesses can’t afford to ignore cybersecurity.
Hackers Are Targeting Supply Chains
Hackers know that the world’s largest companies take cybersecurity very seriously because they face an endless onslaught of attacks. Instead of fighting an uphill battle, they instead target smaller businesses that are part of their supply chains, knowing their defenses are typically much weaker.
In 2021, NameSouth discovered first-hand that any small business that’s part of a large company’s supply chain has a huge target on its back when the NetWalker ransomware group leaked a 3 GB archivecontaining document scans with sensitive employee and customer information after their ransom demand had been refused.
Employing less than 25 people, the North Carolina-based company supplies genuine, OE, and OEM replacement auto parts to Audi, BMW, Mercedes, Volkswagen, and other German car manufacturers, and that’s likely the reason why it was targeted in the first place.
Slower Patching Cycles Make Small Businesses Vulnerable
Zero-day vulnerabilities, which are software security flaws that have not yet been disclosed to the vendor or developers, are discovered every day and usually promptly addressed. All organizations that understand the importance of timely patching race to apply available patches in order to prevent cybercriminals from exploiting the vulnerable software.
That’s more or less what happened when a set of Microsoft Exchange Server zero-day vulnerabilities known collectively as ProxyLogon was discovered in January 2021, allowing attackers to bypass the mail server’s authentication mechanism and impersonate the administrator.
But many small businesses that rely on Microsoft Exchange Server hadn’t installed the available emergency patches months after their release in March, allowing attackers from around the world to pick them one by one as low-hanging fruit. Tens of thousands of organizations are believed to have been compromised to this day.
Everyone Can Become a Cybersecurity Breach Victim
Cybercrime has become a professional industry that attracts profit-seeking individuals with questionable moral values. Such individuals see everyone as a potential target, even organizations and institutions that serve their local communities.
For example, Lewis & Clark Community College, a small Illinois school, was forced to cancel classes for days in 2021 after a ransomware attack knocked critical computer systems offline. “That first day,” said Ken Trzaska, the school’s president. “I think all of us were probably up 20-plus hours, just moving through the process, trying to get our arms around what happened.”
In fact, cybercriminals sometimes target important institutions precisely because many people depend on them—sometimes with their lives. Florida Healthy Kids Corporation, Forefront Dermatology, University Medical Center Southern Nevada, Johnson Memorial Health Hospital in Franklin, and Hillel Yaffe Medical Center are just some healthcare institutions that were attacked last year, depriving patients of care and leaking their personal information online.
Don’t Wait for Cybercriminals to Pay Your Small business a Visit
Last year’s breaches clearly reveal that small businesses can just as easily become involved in a cybersecurity breach as large enterprises. But unlike large enterprises, small businesses don’t always have the necessary detection and response capabilities in place to deter attackers.
Fortunately, it’s well within the budgets of even the smallest businesses to increase their cybersecurity protection by looking for advanced security solutions like our Advanced Security stack. We help small businesses such as yours defend themselves against the latest and most dangerous threats, ensuring you won’t become a cybersecurity breach statistic. Contact us today.