SMBs Are NOT Too Small for Cyber Attacks, They’re Just Too Small to Make the News

img blog SMBs Are NOT Too Small Cyber Attacks They Are Just Too Small Make News r1

As cyber security specialists, the team at Adaptive Office Solutions knows firsthand how vulnerable SMBs are to cyberattacks. In fact, a few years ago, Brett Gallant – Adaptive’s founder and CEO – had to make a VERY difficult decision… Offer more affordable cyber protection plans that provided minimum protection, or only offer multi-layered cyber security plans that he felt would truly safeguard SMBs.

The reason the decision was difficult? He knew he would lose some long-standing clients. At the same time, Brett also knew that he would rather lose them than knowingly expose them to cyber threats. 

Basically, it was a no-win situation. If Adaptive offered inferior cyber plans, these businesses would eventually be victims of a cyber attack. And if clients left without a solid cyber security plan in place, they would be met with the same ill fate. 

It was a very difficult period in Adaptive’s evolution, but as the saying goes… You can lead a horse to water, but you can’t make them drink. At the same time, you don’t want to stand by and bear witness to their suffering. 

In the past few years, Adaptive has heard many stories about cyber attacks on former clients, and it always stings. Some were able to recover, others paid ransoms, and some went out of business. But, they all had three things in common… they all lost data, spent more money to recover from cyber attacks than to prevent them, and… none of them made the news.

Most likely, that was by design. Meaning, most SMBs wouldn’t willingly publish negative information about their own company. But, therein lies the problem… if attacks on SMBs aren’t reported, other SMBs don’t think they’re happening. But, ignorance isn’t bliss, it’s a recipe for disaster. 

So, if you are one of those SMBs who think basic protection, like a firewall and anti-virus are enough, they’re not. Or maybe you’ve gone the extra mile and added malware protection Oh… and you always install the latest software patches, you’ve implemented spam control, you do routine maintenance, and regular backups. Guess what… that’s not even close to being a comprehensive, multi-layered cyber protection plan. 

Don’t believe us? Let’s take a look at what some other sources are saying…

Cybersecurity: A Problem Too Big for Small Business to Ignore

In excerpts from an article by the Atlantic, they wrote, “As hackers turn increasingly to smaller, softer targets, even sole proprietors need to focus hard on cyber-risk.  

According to a CNN poll, almost half of all American adults have been hacked, having fallen prey to email-phishing scams, social-media hijackings, ransomware, or malware infestations of personal websites. For individuals, such hacks are embarrassing and sometimes expensive. For small businesses, they can be devastating.

They’re also becoming increasingly common. The latest report from Symantec’s Global Intelligence Network discovered a major surge in hack attacks on small businesses. Law enforcement sources and other cybersecurity experts confirm that small businesses are now the victims of at least half of all cybersecurity breaches.

And yet, according to a survey by AT&T, only 53% of companies with fewer than 50 employees place a high priority on cybersecurity, compared to two-thirds of larger ones—and only 30 percent of smaller companies have an employee-training program in place to guard against and recover from breaches. 

“There are two kinds of small businesses,” says Jack Bienko, director for entrepreneurship education at the Small Business Administration, “one that’s been breached and one that doesn’t know it’s been breached.” Since the small-business population provides the lion’s share of all new jobs in the country, cybersecurity is an issue not just for them but also for the national economy.

One reason for the neglect is that many businesses don’t even realize they’ve been compromised—because the stolen information is being used for a larger scheme involving multiple targets, or sometimes simply because it’s being saved for a subsequent attack. But virtually every small business, from food trucks to dentist offices to retail startups, depends on an ever-growing number of internet services to do what it does, and as those services multiply, so do the dangers of doing nothing.

A recent survey by SurePayroll, a small business service, found that companies with fewer than ten employees use low-cost online tools for everything from marketing, organization, data and information storage, to tracking sales and engaging with customers.  Employees and proprietors are also accessing an increasing amount of their companies’ data from mobile devices.

“Technology has allowed individual entrepreneurs to start their own businesses more quickly and to grow at hyper-speed,” says Bienko, “but we’ve eventually realized that the potential trade-off is managing the risk of using a lot of technology.”

While massive attacks at large corporations have prompted major investments in cybersecurity, small businesses—even some that have had security breaches—have done very little, preferring to fund more obvious priorities, such as marketing, sales, and product development. 

Yet at a time when hackers have turned the focus on small businesses, especially those most reliant on remote access to office networks, failing to invest in cybersecurity defies good business sense.

“For a long time, the idea was that you only have so many resources, and you need to make the decisions that most impact your bottom line,” says Rieva Lesonsky, a small business consultant and the CEO of GrowBiz Media and “With our increasing dependence on technology, we have to start rethinking that.”

The fact that technology can include software, services, and apps from a variety of vendors makes getting ahead of cybercriminals especially daunting for small businesses trying to do everything on their own. But the average cost of recovering from a cyberattack is only going up. 

There is also the cost of compliance after a hack—laws and regulations that require companies to contact affected customers and in some cases to provide identity-theft protection. What small businesses fear most, in fact, is the impact on reputation and loss of customers following a breach.

For small businesses ready to face the problem, Lesonsky prescribes a dead-simple series of steps: “Sit down and try and think of as many things as can happen, or spend the money to have a one-time consultation to find out where you’re vulnerable. Then take steps to fix those vulnerabilities.” Above all, she says, “don’t make it easy for cybercriminals.”

Do you know the most interesting thing about that article? It was written nearly 10 years ago. 10 years! So, SMBs have had a decade of warnings, and for some… they still don’t take cyber threats seriously. 

Let’s move to a more current article, written in 2023 by Embroker… 

2023 Must-Know Cyber Attack Statistics and Trends

Cyber attacks have been rated the fifth top-rated risk in 2020 and become the new norm across public and private sectors. This risky industry continues to grow in 2023 as IoT cyber attacks alone are expected to double by 2025. Plus, the World Economic Forum’s 2020 Global Risk Report states that the rate of detection (or prosecution) is as low as 0.05 percent in the U.S.

If you are one of the many who run a growing startup, you know the landscape is ever-changing, and 2020 brought on several changes, to say the least. The pandemic affected all types of businesses — big and small. If anything, the pandemic amplified cybercrime due to the uncertainty around remote working and how to protect your business.

Cybercrime, which includes everything from theft or embezzlement to data hacking and destruction, is up 600% as a result of the COVID-19 pandemic. Nearly every industry has had to embrace new solutions, and it forced companies to adapt, quickly. 

Cybercrime will cost companies worldwide an estimated $10.5 trillion annually by 2025, up from $3 trillion in 2015. At a growth rate of 15 percent year over year — Cybersecurity Ventures also reports that cybercrime represents the greatest transfer of economic wealth in history.

Cybercrime for Small and Medium Businesses

Cyber attacks on all businesses, but particularly small to medium-sized businesses, are becoming more frequent, targeted, and complex. According to Accenture’s Cost of Cybercrime Study, 43% of cyber attacks are aimed at small businesses, but only 14% are prepared to defend themselves. 

Not only does a cyber attack disrupt normal operations, but it may cause damage to important IT assets and infrastructure that can be impossible to recover from without the budget or resources to do so. 

Small businesses struggling to defend themselves because of this. According to Ponemon Institute’s State of Cybersecurity Report, small to medium-sized businesses around the globe report recent experiences with cyber attacks:

  • Insufficient security measures: 45% say that their processes are ineffective at mitigating attacks. 
  • Frequency of attacks: 66% have experienced a cyber attack in the past 12 months.
  • Background of attacks: 69% say that cyber attacks are becoming more targeted. 

The most common types of attacks on small businesses include:

  • Phishing/Social Engineering: 57%
  • Compromised/Stolen Devices: 33%
  • Credential Theft: 30%

By understanding the targets of attacks and consequences, as a business leader you can minimize the potential, gain value in your cybersecurity efforts, and even prevent future attacks.

Longtail Cost of Cyber Attacks  

The long tail costs of a data breach can extend for months to years and include significant expenses that companies are not aware of or do not anticipate in their planning. These costs include lost data, business disruption, revenue losses from system downtime, notification costs, or even damage to a brand’s reputation.

Breach Discovery

Breach discovery is when the company or business becomes aware that the incident occurred. According to IBM, it takes a company 197 days to discover the breach and up to 69 days to contain it. 

Companies that contained a breach in less than 30 days saved more than $1 million compared to those that took more than 30 days. A slow response to a data breach can cause even more trouble for your company. It can result in a loss of customer trust, productivity, or major fines.

A data breach response plan is a proactive way to be prepared in the event that a breach does occur. Having a risk management strategy in place to combat incidents such as breaches can minimize the impact on your company and bottom line. An incident response plan, for example, provides guidance for your team during the phases of detection, containment, investigation, remediation, and recovery.

How to Reduce the Risk of Cyber Attacks

With the increasing threats of hackers mishandling your data, implementing processes to prevent data security breaches is the most responsible course of action. 

1. Reduce Data Transfers

Transferring data between business and personal devices is often inevitable as a result of the increasing amount of employees who work remotely. Keeping sensitive data on personal devices significantly increases vulnerability to cyber attacks.

2. Download Carefully

Downloading files from unverified sources can expose your systems and devices to security risks. It’s important to only download files from sources and avoid unnecessary downloads to lower your device susceptibility from malware.

3. Improve Password Security

Password strength is the first line of defense against a variety of attacks. Using strings of symbols that don’t have a meaning, regular password changes and never writing them down or sharing them is a crucial step to protecting your sensitive data.

4. Update Device Software

Software providers work hard on continuously making their software more secure, and regularly installing the latest updates will make your devices less vulnerable to attacks.

5. Monitor for Data Leaks

Regularly monitoring your data and identifying existing leaks will help mitigate the potential fallout from long-term data leakage. Data breach monitoring tools actively monitor and alert you of suspicious activity. 

6. Develop a Breach Response Plan

Data breaches can happen to even the most careful and disciplined companies. Establishing a formal plan to manage potential data breach incidents, a primary cyber attack response plan, and a cyber attack recovery plan will help organizations of any size respond to actual attacks and contain their potential damage. 

It’s clear that businesses are under a constant threat of cybercrime and must take steps to defend their data. Don’t wait until it’s too late, take steps today to prevent future data breaches and the consequences that follow.”

At Adaptive Office Solutions, cybersecurity is our specialty. We keep cybercrimes at bay by using analysis, forensics, and reverse engineering to prevent malware attempts and patch vulnerability issues. By making an investment in multilayered cybersecurity, you can leverage our expertise to boost your defenses, mitigate risks, and protect your data with next-gen IT security solutions.

Every single device that connects to the internet poses a cyber security threat, including that innocent-looking smartwatch you’re wearing. Adaptive’s wide range of experience and certifications fills the gaps in your business’s IT infrastructure and dramatically increases the effectiveness of your cybersecurity posture.

Using our proactive cybersecurity management, cutting-edge network security tools, and comprehensive business IT solutions you can lower your costs through systems that are running at their prime, creating greater efficiency and preventing data loss and costly downtime. With Adaptive Office Solutions by your side, we’ll help you navigate the complexities of cybersecurity so you can achieve business success without worrying about online threats.