Partner content | Cybersecurity

The fact that cybercrime is on the rise all over the world is no longer news, whether we’re talking about phishing, malware, ransomware, Denial-of-Service (DoS), spoofing or other types of attacks. This unfortunate development can be attributed to a number of factors such as the heavy dependence on technology in all aspects of our lives and the growing number of interconnected networks and devices, along with the increasingly sophisticated tools and tactics used by cybercriminals and the lack of adequate cybersecurity measures from companies. 

A recent Cybersecurity Ventures report reveals that the global cost of cyberattacks is expected to surpass $8 trillion in 2023. And that’s only an estimate based on the attacks that get reported; the real figures are much higher than that. So, cybercrime has undoubtedly become big business these days and it’s only going to get bigger if things continue to progress at this rate.

While it’s true that all businesses regardless of size and industry can become a potential target of cyberattacks, this phenomenon doesn’t affect all companies equally. Contrary to popular belief, smaller businesses seem to be at greater risk of being targeted by cybercriminals compared to bigger enterprises. Unfortunately, most small firms learn the hard way that no one is immune to cybercrime. And it’s often the customers that pay the highest price, having to deal with financial loss, stress and filing compensation claims, which you can read more about at https://www.publicinterestlawyers.co.uk/data-breach-compensation/data-breach-compensation-claim-examples/

Size matters when it comes to cyberattacks 

If you follow the news on this particular topic, you might get the idea that large multinationals and corporations are the primary targets for cybercriminals, when in fact it’s quite the opposite. That’s because it’s usually the high-profile attacks that make the headlines since they have a more resounding impact, while small business breaches tend to go under the radar. Some of them are not even reported, and even if they were, they would simply not be newsworthy.

This presupposition also has to do with the fact that, in theory, criminals stand to gain more by targeting bigger companies, which hold larger amounts of data that they could steal and use to their advantage. However, the statistics clearly indicate that hackers prefer to attack small and medium-sized companies (SMBs) rather than powerful corporations. According to Accenture’s Cybercrime study, 43% of all data breaches involve small businesses and the average annual loss these companies register due to cybercrime amounts to approximately $25,000.

Another report from cloud security company Barracuda Networks reveals that small-scale enterprises are three times more likely to suffer a cyberattack compared to their larger counterparts. These findings clearly prove that size matters when it comes to social engineering attacks and small companies are indeed in the line of fire.  

Why are the risks higher for small companies? 

The figures are quite telling but they don’t provide an explanation as to why cybercriminals prefer to target smaller businesses over larger ones when they plot their malicious schemes, so we have to dig a bit deeper to reveal the causes.

The same assumption that we’ve already mentioned, whereby it’s more profitable for hackers to go after bigger fish, makes small organisations unaware of the gravity of the situation and the risks they are exposed to. Many of these firms don’t pay much attention to cybersecurity and don’t invest enough in building strong security systems to ward off attacks, not because they lack funds but because they don’t see themselves as potential targets. This leaves them exposed and vulnerable and allows hackers to exploit their weaknesses and break into their networks without much effort. They are sitting ducks for criminals who can’t pass up such an easy opportunity to make a profit.

The way small businesses handle an attack also gives cybercriminals a solid reason to choose them as their targets. When a company suffers a ransomware attack, there are two different courses of action it can choose: pay hackers the amount of money required for restoring access to data or recovering stolen files, or refuse to comply with their requests and hope that it will be able to solve the situation on its own terms and recover.

Unfortunately, for small businesses, saying no to cybercriminals is not always an option. Since many of them lack adequate security measures, they don’t have backups of their files that they can rely on in these situations. Not being able to retrieve their files is often more damaging than paying the ransom, as hefty as the sum might be. This leaves them in a very vulnerable position where they have no other choice but to do as they are told. 

Another aspect that many people don’t understand when it comes to the way cybercriminals operate is their end goal. Just because ill-intentioned actors target small-to-medium-sized businesses primarily doesn’t mean they don’t have bigger plans on their minds. In most instances, attacking SMBs is just the first step in the process of accessing larger enterprises and getting hold of massive amounts of data.

To that end, small companies serve as entry points for reaching large organisations. Attackers infiltrate lower-level networks that are more vulnerable and easier to access and then move up in the hierarchy until they hit the jackpot. This is possible because big companies usually outsource certain tasks or services to smaller providers, and that can become an access tunnel for shrewd criminals who know how to spot the cracks in the system and exploit them.

Wrapping up 

Cybercriminals will always look for the weakest link in a chain to put their malicious plans into action, and small to medium-sized companies fit this description perfectly. But knowing that SMBs are more likely to get hacked than bigger firms should serve as a wake-up call and prompt them to boost their defences so they can keep these increasingly concerning threats at bay in the long run.