We often visualize hackers in a basement trying to breach government or big corporation systems to steal credit card numbers or secrets worth millions. But are all attacks like that in reality?
In fact, these types of attacks are rare but are often viewed as the most common ones, especially by non-technical people. This is because we usually get our general impressions about a topic through the news, social media posts, or viral stories. And what makes a big news story or an interesting social media post? Big data breaches, scary hackers and millions of dollars in losses.
The price we often pay for reading these astonishing stories without doing proper research is forming misleading assumptions about the topic. And in the world of cyber security, when a non-technical person (most small business owners) tries to dive into the facts and get some information, she gets tangled up either in these scary stories of big hackers and big companies, or in incomprehensible technical ‘security jargon’. This leads many small business owners and managers into thinking that only big corporations are cyber security targets. And due to the temporary financial relief and comfort that comes with not having a security strategy, we frequently hear the phrase: “Oh, we are too small to be a target, I mean, who would want to put in the effort and hack us?”
Unfortunately, for hackers, small targets are the easiest. According to the Verizon 2018 Data Breach Investigations Report (https://www.verizonenterprise.com/resources/reports/rp_DBIR_2018_Report_en_xg.pdf), 58 percent of data breach victims are small businesses. The numbers have also been rising over previous years. In 2011, only 18% of cyber attacks focused on small businesses, whereas in 2015 the percentage rose to 43% (https://smallbiztrends.com/2016/04/cyber-attacks-target-small-business.html).
So, you may ask, why are small businesses such a highly targeted segment?
Well, two reasons:
Lack of awareness
Due to the misinformation discussed earlier, small businesses lack awareness about security. While big companies fear hacks, invest money in their security, and try to maximize their preparedness for a cyber attack, a lot of small businesses take the more ‘comfortable route’, claiming ‘we are too small’, ‘we don’t have the resources’, ‘we don’t have the time’… In fact, https://smallbiztrends.com/2017/07/prepared-for-a-cyber-attack-small-business.html.
Hackers are “lazy”
Generally, hackers don’t want to spend a lot of time hacking one site. It’s simply not a financially beneficial model for them (unless someone pays them to hack a specific target). It is a lot more profitable for them to hack targets that are easy to hack. Hackers (like everyone else in this world) want to see profit easily and quickly. And which sites are the easiest to hack? Those that haven’t done much to make themselves a difficult target. Think of it this way: if you are an archer, it is easier for you to hit a static target than one that moves around in an unpredictable manner (a target that tries not to be hit).
Another assumption we hear frequently is that the consequences of a cyber attack cannot be ‘that bad’. Small businesses don’t have much capital to lose, and the news only reports on big companies and big data breaches or hacks, so there’s not much reputation at stake either. And again, unfortunately, these assumptions are wrong. In fact, cyber attacks can be cataclysmic to small businesses. According to UPS Capital cyber attacks https://upscapital.com/wp-content/themes/upscapital/assets/media/CyberSecurity_Infographic.pdf. Furthermore, bigger companies are not only better prepared to prevent a cyber attack, they are also better prepared to handle it once it happens. https://upscapital.com/wp-content/themes/upscapital/assets/media/CyberSecurity_Infographic.pdf. Costs range anywhere from ransomware, to notifying your customers about the breach, all the way to losing customers and revenue due to a damaged reputation.
Well, getting prepared for a cyber attack is not always about throwing massive amounts of money into cyber security. For small businesses it is often about introducing security as part of your company culture, about being aware of the risks and well educated about the topic.
By reading this blog you are already on a good path! So, what are the next steps? Well, I’d suggest regularly reading a security blog for updates and tips regarding security (like ours), or watching this video (https://www.youtube.com/watch?v=o6W9KRp1jpc) of our CEO Nuno Loureiro giving a talk about security in small businesses.
If you provide the service to your customers through a Web Application, you can also read the following blog posts as an introduction on the next steps:
Last but not least, if you have any questions or comments about this blog (or about security in general), please don’t hesitate to contact us. We’d be happy to help and make the internet more secure!