When Elana Graham started selling cybersecurity software to small businesses five years ago, business was relatively slow.
Now demand is booming, fueled by a rapid expansion of remote work that has left these companies vulnerable to attack.
Graham says his company’s turnover has tripled since the beginning of the year, reaching an all-time high.
“It was total denial. ‘It’s not going to happen to me. We’re too small.’ That was the message I was overwhelmingly hearing five years ago,” says Graham, co-founder of Canada-based CYDEF. “But yeah, it’s happening,” she says.
Cybercrime is expected to cost the world $10.5 trillion by 2025, according to cybersecurity research firm Cyber Ventures.
If the current trajectory continues, small businesses will absorb most of the impact.
They are three times more likely to be attacked by cybercriminals compared to large enterprises, cloud security firm Barracuda Networks has found.
And the risks skyrocketed during the pandemic.
The impact of lockdowns
Between 2020 and 2021, cyberattacks on small businesses increased more than 150%, according to RiskRecon, a Mastercard company that assesses businesses’ cybersecurity risk.
“The pandemic created a whole new set of challenges, and small businesses weren’t ready,” says Mary Ellen Seale, executive director of the National Cybersecurity Society, a nonprofit that helps small businesses create cybersecurity plans. .
In March 2020, at the height of the pandemic, a CNBC survey of small businesses found that only 20% planned to invest in cyber protection.
Then the covid-19 lockdowns kicked in and businesses scrambled to move their operations online.
Working remotely meant that more personal devices like smartphones, tablets, and laptops had access to sensitive corporate information.
However, the lockdowns strained budgets and limited how much companies could spend to protect themselves. Hiring expensive experts and acquiring the required cyber security software was often out of reach.
The result was a weak cybersecurity infrastructure that was ripe for hacking.
Low Risk, Big Gain
“A lot of the attacks now target them because criminals know that the larger organizations have done a pretty good job of protecting their infrastructure. The weakest link is small businesses. And it’s really easy to get into there,” says Seale.
For would-be criminals, such attacks carry low risk and high reward, as they are less likely to draw the attention of authorities and often the companies themselves.
Yoohwan Kim, a professor of computer science at the University of Nevada (Las Vegas), says it typically takes 200 days from the time a hack is made until it’s discovered. In many cases, customer complaints are what alert companies to a problem.
And with a supplier that has been hacked, criminals can access networks of organizations further up the supply chain.
“Big business depends on small business. It’s the lifeblood of America, and we need a wake-up call,” Seale says.
Small businesses make up more than 99% of businesses in the US and employ nearly half of all Americans, playing a critical role in the global economy.
Kim says they are like the “Achilles heel” of the economy.
“They may be small companies, but what they sell to big companies could be very important. If they get hacked, [su producto] it won’t get into supply chains and everything will be affected,” says Kim.
Cyberattacks can be devastating to small businesses, leading to their products being removed from supply chains, legal costs, investigations and filings with regulatory authorities.
About 60% of small businesses close within six months of an attack, estimates the National Cybersecurity Alliance.
“The cost could run into thousands of dollars. Some companies just can’t afford that kind of money,” says Kim. “They just can’t handle it.”
The most vulnerable
But while small businesses are most vulnerable, Graham says most cybersecurity tools are built for large businesses and are often difficult to understand and install without a cybersecurity expert on the team.
“That’s a big challenge for small businesses that don’t understand what these people are trying to sell them,” she says.
Experts say there are simple steps small businesses can take to improve their protections, like creating basic response plans and identifying what and where critical data is.
It is also important to educate employees on how to prevent and detect attacks, since the vast majority of data breaches occur due to human error.
Attacks in which cybercriminals hacked into commercial emails were the costliest cyber threat during the pandemic, with reported losses of $1.8 billion, according to the Federal Bureau of Investigation (FBI).
Also known as spear phishing, these hacks perform a targeted attack, unlike more traditional strategies like spam, which reach large numbers of people.
Graham describes the tool as “the new frontier in criminal activity” and says it has become the most common type of cyberattack his clients face.
But Seale says companies shouldn’t despair.
“The most important thing is to convey to small businesses [la noción] that this is not useless. It’s not an insurmountable task,” she says.
Now you can receive notifications from BBC Mundo. Download the new version of our app and activate them so you don’t miss out on our best content.
BBC-NEWS-SRC: https://www.bbc.com/mundo/noticias-63494702, IMPORTING DATE: 2022-11-23 21:40:05
NATHALIE JIMENEZ
BBC Business Reporter
#economy #Achilles #heel #millions #dollars #lost