For Efficient Escrow Services of Orange County, California, it would have been a merry holiday in December 2012 – except that it wasn’t. Unknown to the company, cybercriminals had stealthily entered their network through a Trojan virus and raided the bank accounts.
The attackers wired a whopping $432,215 to an account in Moscow, Russia. But they didn’t stop there. The following month, they did it again successfully twice, sending as much as $1.1 million to a province in China.
With such a huge amount lost, the company detected the illegal transfer right away. However, cyberattacks were far from their minds and instead blamed it on embezzlement. By the time they did, they couldn’t recover all the money, leaving them with over a million-dollar deficit.
Although they reported the incident to the California Department of Corporations, the state eventually had to shut down its operations, and the company laid off all its employees.
Sadly, they are not the only business that experiences cyberattacks. According to the data collected by Fundera, as many as 43% of these incidents target small businesses, costing over $2.2 million each year. If that isn’t enough, more than half of the victims closed their operations within six months, with their brand badly damaged and owners probably facing lawsuits.
These Factors Leave Small Businesses Vulnerable
Make no mistake: hackers also target large businesses. Some reports suggest that a number prefer multinational organizations because of the vast amounts of data – and money – they own. However, the impact of these attacks is more severe among small businesses.
Why are small-scale organizations vulnerable? It could be due to the following factors:
1. They Don’t Invest in Cybersecurity
According to statistics, small businesses are aware of cyberattacks and the harm that comes with them. About 66% said they are concerned about their risk. Despite this, the Cyber Readiness Institute survey revealed that only 40% had implemented a cybersecurity policy. Over half of them didn’t have any online security plans at all.
Further, a 2018 Juniper Research showed that while some attempted to invest in cybersecurity, they spent less than $500 annually. Many also didn’t consider building an in-house security team, let alone outsource such a service.
2. They Don’t Understand Their Cybersecurity Risks
Understanding is different from awareness, and it shows how easy it is for cybercriminals to penetrate networks of small businesses. The Fundera data revealed that nearly 50% of small companies didn’t have enough knowledge or comprehension of the risks and how to protect themselves.
Some mistakenly believe that hackers wouldn’t choose them since they’re small. Others spend less on cybersecurity because they don’t know how dangerous these attacks can be.
3. Inside Job Remains the Biggest Reason for Cyberattacks
While hackers these days are getting smarter and more tech-savvy, often, the attacks are still a crime of opportunity and convenience. They usually wait until one of the employees inadvertently or deliberately make their company information more vulnerable.
In the 2016 IBM data, cybercriminals caused only 44% of the attacks. Over 50% were because of an inside job. About 15% were accidental:
- Employees might click or download an attachment containing malware.
- They might have lost their mobile device or accessed an unsecured public network.
- They might have shared their password and e-mail address to another person.
Unfortunately, at least 44% of these attacks were malicious. The employee might decide to download the data and sell it in the black market or do it for spite. They can also be in cahoots with cybercriminals even before they joined the organization.
4. Many Small Businesses Don’t Report the Breach
According to the Internal Crime Complaint Center, the United States experienced about 350,000 cybercrimes in 2018. However, no more than 20% of the affected businesses, which were mostly small scale, reported it to law enforcement.
It could be due to many reasons. For one, these companies might think there’s nothing they – or the law enforcement – could do. Investigations can take a while, and they might never determine the culprit. Others choose to protect their reputation the best they can.
What Can Businesses Do?
Small businesses need to realize they’re bound to lose more when they hide the breach or don’t invest in cybersecurity. Worse, experts forecast that these attacks won’t stop anytime soon. Rather, they will become more frequent.
Fortunately, small companies have options these days. Many IT companies can provide personalized services according to the needs, budget, and nature of the business. These plans are scalable, so as the business grows, so does their access to protection.