You are behind the wheel of your car pedal to the metal. Everything is « A-OK » and you are completely carefree. Slightly absent minded and without really realizing it, you run the red lights at every intersection. Your foot on the accelerator you say to yourself, “nothing will happen to me, it’s all good, I’ll never get caught.” That’s what SMB Managers say to themselves when they think about cyberattacks and cyber threats. “Seriously, no hacker is going to hit my company. It’s way too small, it’s not what they’re after.”
Often enough, and when often too late, SMB leaders feel that they will not be targeted by hackers. Believing that size matters i.e. the bigger the company the more likely you are of being attacked, they are convinced that they are completely off the grid. When it comes to steering and driving a company to a sustainable future, that kind of attitude is like never worrying about staying alive even though you play Russian roulette every day. These business leaders are in complete denial and wrongly believe they are not at risk although the cybersecurity threat landscape is constantly increasing and is major. Moreover, to make things worse, this belief is often relayed and supported by the media. They tend to report and focus on cyberattacks that are more spectacular in nature usually reporting on huge companies and government administrations or bodies. This explains why that misleading idea continues to be spread. But that could start to change. Cyber criminals don’t care if you’re big or small: for hackers it’s one size fits all!
SMBs…a hacker’s delight
Cyber crime costs continue to grow exponentially year after year. According to McAfee and the CSIS (Center of Strategic and International Studies), the global losses from cybercrime approached 1 trillion dollars in 2020 . That is more than 1% of the global GDP. SMBs aren’t spared, far from it. They are even the prime targets. An SMB is delight for hackers because it is usually incredibly easy to hack or because, like a Trojan horse, it allows hackers to easily break into the networks of much larger organizations (much better protected by definition) they are in business with. According to the Real Estate Securities Commission (CVM) of the United States, SMBs are at much higher risk and are much more vulnerable once they fall victim to cybercrime.” As the number of attacks keep growing just as fast as the profits generated by these attackers, all businesses – whatever their size – need to seriously gear up and protect their IT systems against the outside world. However, that wake-up call still is wishful thinking. It still is not taken as seriously as it should.
The website or how to fall through the cracks
Most of the time, it is the large corporations that have set up cyber protection policies to protect against cyber threats. SMBs however are still in denial. They do not want to admit that they have already fallen victim to an attack or that they will likely be attacked or even worse, they believe that they are already very well protected.
There exists a number of small and medium businesses, even mid-cap companies, having had to go into receivership following a cyber attack. According to the American authorities, half of these companies end up going bankrupt within 6 months following the attack. These examples clearly show, without any hesitation, that the time has come to take the necessary measures to protect against these attacks and mitigate all and any cyber-related risks.
It must be said though, in the business leaders’ defense, that they don’t often realize how easy and quick it is for hackers to exploit network vulnerabilities, and even less so, how detrimental it could be for the website servers, whether they have been updated or are obsolete. According to the US Small Business Administration (SBA), companies that use Web content management systems are even more at risk: “At any given time, between 70% and 80% of users are running outdated versions of WordPress, resulting in critical and well-documented vulnerabilities.”
SMBs have everything to gain by having not only a secure website but a website under constant surveillance.
More traffic = more risk?
In the best case scenario, SMB leaders check on the website traffic of their websites and often notice that traffic is on the rise. However, many studies conducted by independent analyst forms state that 7% of website traffic is cyber threat related i.e. comes from hackers trying to exploit the website’s vulnerabilities. This figure is probably even higher for a “small fish” SMB that provides services to a “bigger fish” company. As mentioned above, these smaller SMBs are targeted and used as passageways to larger organizations that are usually better protected.
The more sophisticated DDoS type attacks (Distributed Denial of Service) have increased by 150% in H1 of 2020, leaving the 10 million mark behind, i.e. 1.6 million attacks more than in 2019. From the very small businesses to large groups, all companies fall victim to attacks especially those that have an e-commerce site.
When SMBs are swamped with DDoS
If DDoS attacks get a lot of media attention, it must be said though that there are other kinds of cyber attacks that are even more damaging to SMBs. For instance, the attacks on software applications by bad bots is now almost systematic. And, to make things worse, bot detection and protecting against bad bots is challenging. On paper though it seems pretty straightforward: bad bots pretend to be good bots like imitating search engine crawlers. What they actually do is a touch more sophisticated: they are out to capture competitive data, takeover accounts and so on. In the most subtle and undetected way, they can block access to a company’s website, ruin the Customer Experience and steal exclusive information. In time, these incidents can obviously erode consumer trust in a brand.
The SMBs that do get attacked suffer much more and have much more to lose than the larger organizations, especially because unlike the large companies, SMBs do not benefit from any kind of market/brand perception or reputation that could help them navigate a crisis. Hackers that use a website to host malware, or to conceal IP addresses that are on a black list, can have consequences on the marketing efforts and strategy of a business that can seriously hurt its SEO ranking for instance. If the company’s website is deemed compromised then that site gets blacklisted until the malware is removed.
Since the middle of 2010, attacks targeting small businesses have not ceased to increase. Despite the risk of being confronted with a major and very likely-to-happen cyber security nightmare, the majority of SMB leaders have still not really grasped the threat posed by cyber crime. And yet, the websites of SMBs are an incredible playground/gold mine for hackers.
No SMB, no matter how small in size, should forget that value is not determined by the amount of data.
Cyber Security Rating
Become a partner