Cyberattacks Putting Small Companies out of Business

Cyberattacks Putting Small Companies out of Business

The fastest growing form of criminal activity in today’s digital transformation is none other than cybercrime. According to Accenture, it is going to cost businesses approximately $5.2 trillion worldwide in the next five years, which is undoubtedly worrying for modern executives. Small businesses have become the favorite target of most high-tech criminals due to which 43% of all online attacks are aimed at them. However, only 14% of small businesses are actually prepared to defend themselves. Therefore, network security leaders assert that these small business owners have to make high tech security their topmost priority.  

According to online security providers, modern IT infrastructures are more sophisticated and complex than ever and the amount of virtual ground that needs to be protected has also grown rapidly. From desktop interactions to mobile, cybercriminals have no shortage of opportunities for launching thousands of digital attacks that are aimed at compromising a business’s operations at every turn. It only takes just one of these attacks to connect and wreak serious havoc for the business. Thus, it is a given that the high-tech parameters implemented virtually by every modern business will eventually be breached. With this being the case, small businesses should no longer be thinking if security threats will occur, but should start thinking in terms of when. 

What’s worse is that the consequences of these cyberattacks are growing and on average, they cost a small business $200,000. As a result, within six months of being targeted, nearly 60% of small businesses go out of business. There has also been an increase in the frequency with which these attacks are occurring. Statistics show that nearly half of all small businesses had to deal with a breach in the previous year and every 4 in 10 businesses had to deal with multiple attacks. What’s worrying is a study that revealed 66% of senior decision makers working in small businesses are still of the opinion that there is very little possibility of them being targeted by online criminals.  

Likewise, 6 in 10 small businesses have not implemented in any digital security plan at all, which has highlighted the need for better industry awareness and education throughout the industry. It is a fact that these cybercriminals are getting smarter, cyberattacks are occurring faster and cybersecurity is becoming more complex than ever. The latest attacks are able to exploit the vulnerabilities in all computer networks rather speedily. Cybercriminals are able to infect the networks, much like human immune systems and it doesn’t take them more than an hour to take over even major networks.  

Furthermore, the problem is that these digital threats are not detected right away and on average, it takes 101 days for a business to become aware of them. Therefore, the damage inflicted by these threats on organizations and their consequences can add up pretty quickly. There have been several cases like these. For instance, DoorDash, the popular online delivery startup suffered a major data breach this September. Hackers were able to steal sensitive user data of more than 4.9 million customers and it cost the startup tens of thousands of dollars in expenses.  

Similarly, Volunteer Voyages, the humanitarian aid trip organizer and a single-owner business, had their debit card pilfered by an online thief, which resulted in fraudulent charges of $14,000 that were not reimbursed by the bank. Likewise, Miracle Systems, which is a government contractor providing engineering and IT services to more than 20 federal agencies suffered from an internal server breach, which caused losses of $500,000 to $1 million. While these charges are substantial, they don’t factor the additional damage inflicted on intangible assets, such as customer goodwill and brand reputation. 

This is exactly what happened with Miracle and the company was shocked to discover that hackers were openly selling the data they had stolen on international cybercrime forums for a price of $60,000. Suffice it to say, the ancillary costs that occur due to cyberattacks can quickly add up for a small business when you factor in additional expenses, such as loss of customer relationships and revenue, technical investigations attorneys’ fees and regulatory compliance. According to McAfee, the antivirus provider, there are 480 new high-tech threats that surface every minute. Therefore, it is ironic that one of the greatest threats to any organization’s wellbeing is none other than human error. 

Only 3 in 10 employees are provided with cybersecurity training annually, which has made it immensely easy for any email scammer or enterprising con artist to circumvent even the most sophisticated digital safeguards. Experts have warned that threats now come not just from external sources, but also from internal staffers and the increasing amount of sensitive information that modern businesses have to juggle, the best cyber defenses are those that are multi-pronged. Taking a multi-faceted approach has become crucial. Businesses cannot just implement security tools and consider their job done; employees also need to be trained as they play an important role in countering online threats.  

A mix of high-tech and low-tech strategies have to be implemented by small businesses for this purpose and some of them include: 

  • Backing up data daily and duplicating backups that can be retrieved in case the system is compromised in any way. 
  • Installing an antivirus and updating it regularly, along with network firewall and information encryption tools for counteracting harmful programs and viruses, keeping sensitive information safe and guarding against incoming denial-of-service attacks. 
  • Limited access of employees to the folders, files and applications that are required for performing routine tasks. 
  • Engaging in teaching exercises and drills based in real-world scenarios that test the ability of employees for detecting scammers and responding appropriately to any fraudulent requests. 
  • Providing up-to-date and regular training to staffers every 90 days on the latest online trends and threats in cybercrime. 
  • Making use of multifactor authentication before giving authorization for any major, irregular or uncommon or time-sensitive requests. 
  • Conducting risk assessments and vulnerability testing on an ongoing basis on applications and computer networks to identify and address possible areas of weaknesses before they are exploited.  

Comments are closed.