Small Businesses Biggest Target of Cyber Attacks

cyber security
Small businesses have become a key target for cyber criminals, according to a report by Symantec. The security software firm found that 51 percent of all cyber attacks against businesses hit companies with less than 2,500 employees. Thirty-one percent of those attacks were against businesses with less than 250 employees.

At the same time, the report found that small businesses are unlikely to see themselves as targets for cyber attacks. Sixty-six percent of small business owners were not concerned about cyber threats in a recent survey and 59 percent did not have a plan to handle data breaches.

“All companies are vulnerable to attacks from hackers and cyber criminals,” Andrew Jaquith, CTO at SilverSky, told in an email. “The one common denominator is that individual users pose the greatest threat to a company’s security. The corporate network is only as strong as its weakest link—the uninformed or careless user.”

In addition to hurting businesses, these security holes put consumer’s financial information at risk. According Mike Logan, president of Axis Technology, companies that deal with individuals’ health, financial data and credit card information are most at risk for cyber attacks.

Criminals also use small businesses to attack larger companies. The report found that attackers often breach small businesses that have business relationships with larger companies, instead of attacking the larger company directly.

The biggest risk these security holes pose to any business is the threat of having their financial information compromised. If cyber criminals gain access to a business’ sensitive financial information, such as bank account and credit card numbers, they may be able to scam employees, make purchases or take out business loans in the company’s name.

The Federal Trade Commission requires lending institutions to protect their small business customers from identity theft, but several crimes have still occurred.

In January of 2012, 24 million identities were stolen when Zappos suffered a security breach. That June, LinkedIn suffered a similar attack and in August hackers breached the Reuters news service and posted fake stories on their website and Twitter.

A 2012 study by the Association of Certified Fraud Examiners found that participants from around the world typically lost five percent of their revenues to fraud each year. Most fraud cases affect small businesses and companies in the banking and financial services.

To protect against identity theft, businesses should first acknowledge that their private information is vulnerable, then establish the fundamentals of secure online procedures. 

“SMBs have to stress the basics,” Jaquith said. “As an organization, regardless of size, what you do now will make a big difference in the future.”