Why SMEs Are Big Targets for Cyberattacks
Reports by mainstream media often highlight cyberattacks against large corporations. These reports lead to the belief that cybercriminals target only large companies. The truth is far from this belief.
Cost of Cyberattacks on SMEs
According to StaySafeOnline.org, a site maintained by the National Cyber Security Alliance, 71% of security breaches target small businesses and nearly half of all small businesses have been victims of cyberattacks.
Despite this high number of security breach attempts on small businesses and the high number of cyberattack victims, StaySafeOnline.org said that “many SMBs believe they are not vulnerable to cyber attacks because of their small size and limited assets.”
Visa Inc. estimated that nearly 95% of the credit-card data breaches it discovered were from its smallest business customers.
Data stolen by cybercriminals has a corresponding value: one credit card number is worth $1 on the black market, and health information that can be used for identity theft is worth $10. This collective black market value of stolen consumer data, the Canadian Chamber of Commerce said, is hindering Canada’s ability to compete globally.
The Center for Strategic and International Studies reported that Canada loses 0.17% of its gross domestic product (GDP) – equivalent to more than $3 billion per year – to cybercrime. Canada’s Standing Senate Committee on Banking, Trade and Commerce, meanwhile, reported that 8 million Canadians fell victim to cybercrime in 2016.
According to the Canadian Chamber of Commerce, a data breach costing $6 million would break many Canadian small businesses.
SMEs comprise 98% of the Canadian economy and most of these SMEs, according to the Canadian Chamber of Commerce, are small businesses. Notable contributions of small businesses to the Canadian economy include being the source of between 60 and 80% of all jobs created in Canada and contributing 30% to the GDP of their province, the Canadian Chamber of Commerce added.
The Better Business Bureau (BBB), meanwhile, reported that small businesses make up more than 97% of the total businesses in North America.
Top 3 Reasons Why Cybercriminals Attack SMEs
Cybercriminals are more likely to attack SMEs (defined as organizations with 250 to 499 employees) than larger organizations for the following three reasons:
- Lack of Resources
Cybercriminals believe that SMEs are susceptible to cyberattacks because they lack the financial resources and technical expertise required to protect themselves.
- SMEs’ Partnerships with Larger Businesses
Cyberattackers go after SMEs because they see value in the partnerships SMEs have with larger businesses. For instance, an attack on the point of sale (POS) machine of a brick-and-mortar business may be a means or a back channel to the hackers’ true target: the larger business that partners with the brick-and-mortar business.
- IT Infrastructure Guarded Less
Because of the lack of resources and technical expertise, cyberattackers assume that SMEs’ IT infrastructure and critical data, including intellectual property, credit card credentials and other identifying information, are less guarded.
Cisco’s 2017 Security Capabilities Benchmark Study showed that due to smaller budgets and lack of expertise, SMEs are less likely to have key security defenses compared to larger businesses. The Cisco study showed the following discrepancies in security defenses between SMEs and large businesses:
- Only 40% of SMEs reported using data loss prevention, compared with 52% of large organizations
- Only 33% of SMEs reported using distributed denial of service (DDoS) defense, compared with 39% of large organizations
- Only 34% of SMEs reported using an email security solution, compared with 45% of large organizations
- Only 39% of SMEs use encryption/privacy/data protection, compared with 52% of large organizations
- Only 36% of SMEs use endpoint protection/antivirus, anti-malware, compared with 45% of large organizations
- Only 26% of SMEs use patching and configuration, compared with 35% of large organizations
- Only 37% of SMEs use web security, compared with 45% of large organizations
BBB’s 2017 study on the state of cybersecurity among small businesses in North America showed the following findings:
- 11% of small businesses in North America have no cybersecurity measures in place
- Only 15% have a security incident response plan
- Only 17% have a dedicated internal individual or team explicitly charged with information security responsibilities
- Only 20% have internal cybersecurity audits/threat assessment
- Only 20% have ongoing monitoring/analysis of cybersecurity intelligence
- Only 47% have employee cybersecurity education
Cybersecurity Best Practices for SMEs
For SMEs, more so than for larger organizations, putting cybersecurity best practices in place is a matter of survival.
“If a public breach damages a brand and causes customers to switch to a competitor, a larger business can weather the impact better than a smaller business,” Cisco said in its 2017 midyear cybersecurity report.
Understandably, the budget for cybersecurity is an issue in small businesses. Effective allocation of resources to cybersecurity is necessary.
“This question [effective allocation of resources to cybersecurity] is even more critical for smaller businesses: they cannot afford to make mistakes when committing to such important and potentially expensive investments and need to be as effective as possible in the allocation of resources,” the Better Business Bureau said.
At GenX, we understand your organization’s need to protect your IT infrastructure and critical data. At the same time, we understand your organization’s limited resources.
Rather than being viewed as a financial burden, cybersecurity can be seen as an advantage. Your organization will be able to attract more customers and close business deals more easily if it can boast of an efficient and effective cybersecurity system.
Having cybersecurity measures in place will also shield your organization from future litigation and penalties from governmental bodies as a result of the coming implementation of the European Union’s General Data Protection Regulation (GDPR) and Canada’s Digital Privacy Act.
At GenX, we offer the following information security services:
- Firewall with customized configuration and rules
- Secured Virtual Private Network (VPN) for remote access
- Intrusion prevention
- Threat detection and response
- Website tracking and filtering
- Reputation monitoring and defense
- Email spam blocking
- Data loss prevention
- Complete application control