A West Coast real estate developer, a New England confectionery and an East Coast construction firm all have something in common: They each lost as much as $1 million to cybercriminals who employed an arsenal of sophisticated weapons.
As hackers recognize that good things come in small packages, and as large enterprises improve their information security, these thieves are increasingly targeting small- and medium-sized businesses (SMB).
Limited resources, budgets and staffing make these businesses easy targets for cybercriminals, who also manage to find their way around security roadblocks, requiring every business to constantly be alert.
SMBs face life-threatening reputational, financial and operational risks should a breach occur, now is a crucial time for them to concentrate on creating an effective cybersecurity strategy that maximizes their protection and minimizes their risk.
Consider these alarming statistics:
Forty-three percent of cyberattacks target small businesses;
Only 14% of small businesses consider their cyber defenses to be highly effective;
The average SMB data breach costs $86,500 in recovery costs; and
Sixty percent of small companies fail within six months of a breach.
The real impact of data thefts
Several different scenarios can open the door to data theft. Its impact usually extends well beyond the business itself to customers, partners and others. For SMBs, the top security concerns are:
Targeted phishing attacks against employees or vendors;
Advanced persistent threats;
Denial-of-service attacks; and
The proliferation of employees permitted to use their own mobile devices.
In the case of the real estate developer, for example, a hacked email account between him and his bookkeeper triggered that theft. At the confectionery, a data breach led to stolen customer information. At the construction firm, malware installed on the company’s system led to online cash transfers from its bank accounts to the crooks.
So, how can SMBs defend themselves against what information security experts consider the increasingly inevitable cybertheft? While no one magic bullet exists, SMBs can take these six steps to become more security-conscious and prepared.