Why Hackers Have Small & Medium-Sized Organisations In Their Sights

Would you take the time - and risk - to hack one person, or hack one organisation with a payload in the thousands, if not hundreds of thousands?



It’s no secret that in recent years hackers have been well and truly targeting small and medium-sized organisations for an easy payday. It’s a war fought on many fronts. There are ransomware attacks, whereby a third party essentially locks up all your data and networks, leaving you unable to even log in until a ransom is paid. There are entry-point attacks, where your small, humble organisation could be the point of entry for a hacker to gain access to one of your customers or suppliers for further financial gain. And there are phishing attempts to get access to your company’s intellectual property and financial details, as well as all the details of your staff that are stored in your network.


There’s a lucrative black market out there for the sale of user data, including details that can be leveraged for identity theft and various types of fraud, and as that malevolent market has grown, so too has the number of attacks on small businesses. A report from Symantec that came out a long, long time ago showed that between 2011 and 2012, there was a 300% increase in cyberattacks on small businesses in the span of just twelve months. Statistics published in 2016 purported that 43 per cent of all cyber-attacks online were targeting small businesses; a staggering figure considering just how many targets there are out there, yet small businesses seem to be taking nearly 50% of the damage. Verizon’s Data Breach Investigations Report claimed that 58% of the reported data breaches they were able to gather data for were targeting small businesses, meaning organisations with 250 or fewer employees. Hiscox has released a report stating that there was a “sharp increase” in the number of reported cyberattacks on small firms, rising from 33% to 47%, as well as on medium-sized organisations, which were up 63% from 36%.


In today’s landscape, insurer Gallagher estimates that there are 57,000 small and medium-sized organisations that would be forced to close their doors in the aftermath of a cyber breach within just 30 days. Data from Ventures shows that the cybercrime industry is set to cost the world’s economy as much as $6 trillion in just twelve months’ time; the scale of the problem businesses face is plain to see.


John Brandon, contributing editor of Inc.com, writes that “smaller companies are attractive because they tend to have weaker online security. They’re also doing more business than ever online via cloud services that don’t use strong encryption technology. To a hacker, that translates into reams of sensitive data behind a door with an easy lock to pick. If you have any Fortune 500 companies as customers, you’re an even more enticing target - you’re an entry point.”


There was a widely publicised hack on Target in the U.S., where the hackers were able to access not just the names and personal details of customers, but their credit card details too. Tens of millions were swept up in the mess, and Target went, quite rightly, into damage control mode. There’s a little-known fact about this case, however. Hackers gained access to Target’s network not by breaching the company’s fortified walls, but through a small air conditioning contractor. They were able to breach this contractor and then, using the captured login information, found themselves inside Target’s network.


Cyrus Walker, Managing Principal at Data Defenders, told Forbes that “the threat environment is active and intense… A cybercriminal has a much greater opportunity for success in attacking a small business because small businesses are very weak in their security countermeasures,” exemplifying exactly what we’re talking about here. While the pot of gold might be smaller, a cybercriminal doesn’t need to invest too much of their time in compromising your organisation before moving right on to the next. “Two key mistakes small companies make that leave them vulnerable to cyber-attacks are they assume they won’t be targeted and they don’t provide any cybersecurity training for their employees,” Walker continued to explain. “The top cybersecurity threat to small businesses is really an insider threat because employees let the cybercriminals in.”


The cost of these attacks on small businesses is severe, if not fatal. Statistics show that as many as 60% of small-to-medium-sized organisations that are hit by a cyberattack fail to recover and ultimately close their doors. Tragically, this wasn’t down to a lack of customers, falling revenues or having an undesirable product or service on the market; it was down to a cyberattack launched by a nefarious third party looking for an easy payday.


Collateral damage in a war with no rules that is only set to intensify.


Thanks for your time - I'll see you in the next piece.


Kobi Simmat.



© 2020 by Best Practice
