If you’re a small or midsize business (SMB) owner, you may think your organization is too little or unattractive for the most dangerous and sophisticated cyber-criminals to notice.
You are mistaken.
At one time, yes, most online attackers focused their attention on larger enterprises; but today, over half of malware attack victims are categorized as small businesses, according to the Verizon Data Breach Investigations Report (DBIR).i The emergence of easy-to-deploy attacks like ransomware have changed the calculus for cyber-criminals, making it low-cost and high-reward to specifically target SMBs over larger businesses.
“It’s a real epidemic,” says cybersecurity expert Daniel Tobok. “Twenty years ago, the big criminals were really only interested in government and bankers and banking associations, because they held a lot of meaty things that they could monetize quickly. But as those enterprises grew more educated and more secure, [SMBs] are one of the biggest attack vectors for cybercriminals and state-sponsored attacks, because smaller enterprises are not as mature when it comes to their security.”ii
That’s right: the situation has completely reversed, with small businesses now the preferred target. Instead of following the money, cybercriminals are targeting the low hanging fruit.
That means businesses like yours.
This may come as some surprise: data breaches and other cyber-attacks have been writ large in news headlines for years now, but the media tends to focus on the most spectacular security failures, like the now-infamous attacks on giants like Target, Home Depot, Yahoo!, Equifax, and more.