If you work for a small business, you probably believe you’re not a target for cyber crime, largely because you have little of value to be stolen. You’re not alone. Almost half (44%) of small business management don’t see cyber crime as a priority either.
But with 42% of small businesses experiencing at least one attack in the past 12 months, that thinking needs to be turned around. Phishing, malware, zero-day attacks, application vulnerabilities, and good old-fashioned automated hacking all represent the modern-day threat to the SMB.
Why is the small business such a strong focus for cyber criminal activity?
Sometimes you’re the target
Let’s start by evaluating the target options a cyber criminal has and see what the “criminal ROI” is on attacking each target:
So which target makes the most sense?
Think like a Small Cyber crime Business
Since you already run one small business, let’s pretend we’re going to start a new business—one that works to deceive customers into giving us money using scams and hacks to get the job done. Like any business, you want the greatest margin possible, which means the lowest investment and the highest return.
So which of the three targets requires the least investment of our time (read: the lowest security), and provides us with the greatest return (read: the most access to cash and credit)?
BINGO! It’s the small business!
You have the least amount of security, a largely wide-open Internet connection susceptible to automated attacks that hit thousands of IP addresses including yours (making you a target of convenience rather than one of espionage), many points of entry (your employees), and the most access to money in various forms, relative to your security.
But believe it or not, sometimes when a small business is hit, they’re not the target.
Sometimes you’re just an asset
In the world of spying, an asset is someone being used for information or access to an even more important target. And in the world of cyber crime, an enterprise, having a security budget larger than the entire operating budget of most small businesses, is too tough to gain access to. So why not access the Enterprise through a less secure partner? By doing so, you unknowingly become an asset.
The infamous Target breach of 2013 wasn’t accomplished by directly attacking Target’s infrastructure, databases, or security. It was initially accomplished by obtaining credentials from a Target vendor who handles their HVAC. In addition, other compromised computer systems through the U.S. were utilized as “drop” locations for the stolen credit card data where it could be accessed later. See? Asset.
Either way, you’re a target
So we’ve answered the question of “why”, so the next question is “how” is it being accomplished and “what” to do about it. Let me attempt to do both in one simple list:
–––––––––––––––––––––––––––––––––––––––––––––––
Want to know more about security? Then check out the videos serious by our security lead, Ian Trump…
Get the latest MSP tips, tricks, and ideas sent to your inbox each week.