The number of small and medium-sized enterprises that currently don’t have a cybersecurity system in place is alarming, and it’s about time that owners start caring about the impact cyber threats can have on the business.
Several sources have found that an outstanding amount of U.S. small businesses, which represent 99.9% of American businesses and account for 44% of economic activity, do not have sufficient protection or a dedicated budget for cybersecurity.
The World Economic Forum found that 95% of cybersecurity breaches are attributed due to human error. What’s more, further research from Accenture found that nearly 43% of attacks are directed toward small and medium-sized (SMB) enterprises.
In recent years, studies by IBM have found that the cost of data breaches, on average, have increased by 10% in 2021 to more than $4.24 million according to their Data Breach Report 2021.
A further look showed that the cost of resolving cyberattacks and threats was significantly lower among companies and enterprises that had security infrastructure in place. Currently, only 14% of SMBs are well-prepared for such an attack, those that are unaccounted for are running higher risks of seeing an increased number of cyber threats in the coming years.
Even more worrisome, is the rate at which cyber threats have increased in recent years.
Findings in McAfee Enterprise and FireEye report – Cybercrime in a Pandemic World: The Impact of COVID-19 – revealed that a robust 81% of organizations did experience some form of cyber threat during the height of the pandemic in 2020. On top of this, 79% of those organizations endured downtime amid digital and online risks during the peak shopping season.
You know that it’s time to be concerned when cybersecurity threats and dangers have become a national issue for governments across the globe, including the United States, which has some of the most advanced security infrastructures in place.
SMBs are at higher risk
As demand for digital experiences sees steady growth, and with the onset of the pandemic back in 2020, consumer trends in online shopping, eCommerce, and virtual work only escalated cybersecurity risks even further.
Yet, these threats are spread across the board and affect nearly every business regardless of their industry.
CheckPoint research shows that the average weekly attack per organization globally reached a near tipping point at 1,130 attacks per week by the third quarter of 2022.
Sectors that experienced the most frequent attacks included education, research, and healthcare. Businesses noticed a sharp rise in ransomware attacks, a form of crypto virology that denies users access to their files, data, and information on their devices unless a ransom is paid. In recent years, ransomware attacks have also become more severe, and costly, with bad actors threatening to publish private and confidential information of businesses and individuals if they are unable to meet their demands.
While larger corporations, organizations, and government entities can negotiate ransoms, and meet the demands of cybercriminals, smaller businesses with fewer available resources are left to their demise.
What’s more, some businesses are unable to deny ransom negotiations, perhaps not because they have the resources, but simply because they do not have any available backup of their information and data.
Impossible to negotiate or find reasonable terms, SMB owners are left having to pay a ransom, hoping that malicious players will return control of their systems – which is not always promised or guaranteed.
And ransom payments have skyrocketed in recent years.
According to findings by Palo Alto Networks, a leader in cybersecurity systems, the average ransom payment amount has gone up from $500 in 2016 to more than $925,162 within the first five months of 2022.
Incident respondents noticed that ransom payments have jumped by 71% between 2021 and 2022, which included remediation expenses, downtime, and reputational harm for victims.
Victims are left having to pay eye-watering amounts to retrieve control over their systems or access their data, and as mentioned, after a ransom has been paid, these conditions are not always promised by bad actors.
The virtual world of cybercrime is a lawless ecosystem and it’s become harder and increasingly expensive for everyone involved to get these threats under control.
SMBs are less concerned
Although there is an indication that following a slew of threats and attacks over the last couple of years, some small business owners have taken up the responsibility of updating their cybersecurity infrastructure.
For those that have been more lenient with these efforts, several factors contribute to them feeling less concerned than they should be.
For starters, cybersecurity systems are considered too expensive or regarded as a costly investment for small businesses, especially for those enterprises with a single owner. Some small business owners opt to rely on more traditional security measures, such as primitive online and device protection that’s affordable and can be installed at home on their computers.
Then some feel they will never become a victim of cybercrime, even if they operate a small-scale business from their home computer or laptop. Some feel that it might not be in their best interest, or that of the business to invest in the proper cybersecurity resources.
Issues such as outdated devices such as computers and laptops can no longer support newer and more advanced software. This generally means that some business owners would rather rely on older software, hoping it would protect their information and data in the event of a cyber threat.
Knowledge and education is another problem. Not all business owners are equally versed in what a cyber threat is, how it can occur, or what it even looks like.
And business owners will need to learn a lot at once if they want to get on top of things.
Threats including phishing, baiting, spoofing websites, smishing, malware attacks, Denial-of-Service (DoS), and botnets, among others are only a few of the more prevalent threats these days.
For business owners on the other hand, it would mean they need to get clued up on how these threats present themself, and what the protocol is when they encounter any of them. This requires both time and financial investment from their end, something which may be limited during the first few months and years of any new business.
Another facet is that business owners do not have sufficient financial investment for cybersecurity systems during the first couple of years. This means that for some time, they will use devices that are not adequately protected or prepared to endure a possible threat or attack.
Although they can invest the necessary resources, some of them remain reluctant at first that they will be victims of a possible attack.
The bottom line
Small and medium enterprises are just as exposed to and at risk of cyber threats as their bigger counterparts. The sharp rise in cyber threats has made it increasingly challenging for business owners to operate without the appropriate infrastructure in place.
Problems of having sufficient investment, knowledge, and interest in cybersecurity are not only putting them at risk but at the same time their businesses as well.
Unfortunately, at some other times, it will boil down to business owners undergoing an attack or possible threat before they erect appropriate infrastructure. This puts their business, reputation, and financial position at risk, and the repercussions could be costly.
Business owners and individuals will need to take cybersecurity more seriously, sharpen their knowledge, and have the right infrastructure in place in case of a threat. While these systems won’t eliminate bad actors, they at least acts as a barrier between you and malicious artists.