Small Businesses Face Increased Cyber Risk

Small and medium-sized enterprises (SMEs) are facing a greater risk for data theft.

Data theft, ransomware, and other forms of cyber attack are now common forms of criminal enterprise. While large data networks, and research and financial institutions remain prime targets for hacking gangs and nation-state actors, more criminal effort is going toward data assets maintained by smaller companies.

In 2015, the Commissioner of the U.S. Securities and Exchange Commission (SEC) called for more focus and support for SMEs facing cyber risk due to inadequate cybersecurity. In 2016, internet security firm Symantec reported 43% of phishing campaigns are aimed at small businesses. Why?

There are some good reasons smaller and middle market businesses are attractive to cybercriminals, including:

• Technology levels the playing field between providers of many kinds of services. A smaller company can now enter a regulated or another service sector by using SaaS solutions available to its competitors. In many cases, significant infrastructure investments are no longer needed to provide high-quality services to types of clients once out of reach to smaller entrepreneurs. Offering services to public and private clients, SMEs become aggregators of confidential data including healthcare, financial, and personal information that is attractive and valuable to hackers who wish to steal and sell personal information.

• Because SMEs are newer to the game, many owners and their employees do not have training on avoiding phishing schemes that lead to attacks involving ransomware. While a large company could likely withstand a ransomware attack, a single ransomware attack on a small enterprise doing business without reliable backup data or financial resources can spell the end of the company.

• While offering specialized skills to larger partners, smaller enterprises often lack robust cyber protection and personnel for digital defense. As an entry point to a larger network, third-party vendors are often the vulnerable gateway.

No business is too small for risk analysis and a business continuity plan. Get ready today for the cyber attack that may launch tomorrow.