When Elana Graham started selling cybersecurity software to small businesses five years ago, business was relatively slow.
Now demand is booming, fueled by a rapid expansion of remote work that has left these companies vulnerable to attack.
Graham says that the turnover of his company has tripled since the beginning of the year, reaching an all-time high.
“It was total denial. ‘It’s not going to happen to me. We’re too small.’ That was the message I was overwhelmingly hearing five years ago,” says Graham, co-founder of Canada-based CYDEF. “But yeah, it’s happening,” she says.
Cybercrime is expected to cost the world US$10.5 trillion by 2025according to cybersecurity research firm Cyber Ventures.
If the current trajectory continues, small businesses will absorb most of the impact.
They are three times more likely to be attacked by cybercriminals compared to large enterprises, cloud security firm Barracuda Networks has found.
And the risks skyrocketed during the pandemic.
The impact of lockdowns
Between 2020 and 2021, cyberattacks on small businesses increased more than 150%according to RiskRecon, a Mastercard company that assesses companies’ cybersecurity risk.
“The pandemic created a whole new set of challenges, and small businesses weren’t ready,” says Mary Ellen Seale, executive director of the National Cybersecurity Society, a nonprofit that helps small businesses create cybersecurity plans. .
In March 2020, at the height of the pandemic, a CNBC survey of small businesses found that only 20% planned to invest in cyber protection.
Then the covid-19 lockdowns kicked in and businesses scrambled to move their operations online.
Working remotely meant that more personal devices such as smartphones, tablets and laptops have access to sensitive corporate information.
However, the lockdowns strained budgets and limited how much companies could spend to protect themselves. Hiring expensive experts and acquiring the required cyber security software was often out of reach.
The result was a weak cybersecurity infrastructure that was ripe for hacking.
Low Risk, Big Gain
“A lot of the attacks now target them because criminals know that the larger organizations have done a pretty good job of protecting their infrastructure. The weakest link is small businesses. And it’s really easy to get into there,” says Seale.
For would-be criminals, such attacks involve low risk and high rewardsince they are less likely to attract the attention of the authorities and often the companies themselves.
Yoohwan Kim, Professor of Computer Science at the University of Nevada (Las Vegas), indicates that as usual it takes 200 days from the time the hack is performed until it is discovered. In many cases, customer complaints are what alert companies to a problem.
And with a supplier that has been hacked, criminals can access networks of organizations further up the supply chain.
“Big business depends on small business. It’s the lifeblood of America, and we need a wake-up call,” Seale says.
small businesses represent more than 99% of companies in the US. and they employ nearly half of all Americans, which plays a critical role in the global economy.
Kim says they’re like the “Achilles heel” of the economy.
“They may be small companies, but what they sell to big companies could be very important. If they get hacked, [su producto] it won’t get into supply chains and everything will be affected,” says Kim.
Cyber attacks can be devastating for small businesseswhich leads to their products being removed from supply chains, in addition to incurring legal costs, investigations and declarations before regulatory authorities.
About 60% of small businesses close within six months of an attack, estimates the National Cybersecurity Alliance.
“The cost could run into thousands of dollars. Some companies just can’t afford that kind of money,” says Kim. “They just can’t handle it.”
The most vulnerable
But while small businesses are the most vulnerable, Graham says that most cyber security tools have been created for large companies and are often difficult to understand and install without a cybersecurity expert on your team.
“That’s a big challenge for small businesses that don’t understand what these people are trying to sell them,” she says.
Experts say there are simple steps small businesses can take to improve their protections, like creating basic response plans and identifying what and where critical data is.
Also it is important to educate employees on how to prevent and detect attacks, since the vast majority of data breaches occur due to human error.
Attacks in which cybercriminals hacked into commercial emails were the costliest cyber threat during the pandemic, with reported losses of $1.8 billion, according to the Federal Bureau of Investigation (FBI).
Also know as spear phishingthese hacks carry out a targeted attack in a specific way, unlike more traditional strategies such as spam, which reach a large number of people.
Graham describes the tool as “the new frontier in criminal activity” and says it has become the most common type of cyberattack his clients face.
But Seale says companies shouldn’t despair.
“The most important thing is to convey to small businesses [la noción] that this is not useless. It’s not an insurmountable task,” she says.