Why cybercriminals are targeting unsuspecting small businesses

With around one million micro firms and nearly four million sole traders in the UK, the risk of cybercrime is a reality an increasing number of businesses face.

According to the Federation of Small Businesses, small firms are in fact a prime target for cyber attacks, with just under half of its members being hit by cybercrime in 2013 and a third falling victim to online fraud.

In terms of an average high street, this is the equivalent of every second or third shop being attacked.

However, for a small business focused on day-to-day productivity, growth and competitive advantage in a challenging economic climate, such threats can still seem completely irrelevant.


Many small business owners believe that criminals have better things to do than focus their attention on small firms when there are large, wealthy enterprises to target.

In fact, recent research by Kaspersky Lab shows that 82% of companies with up to 10 employees believe they are not a target for cyber attacks because they are too small or don’t have anything worth stealing.

This is not the case. In reality, any organisation can become a victim, regardless of its size. All organisations hold data that could be of value to cybercriminals or alternatively could be used as a stepping stone to reach other companies.

As large enterprises build stronger digital security fortresses around their data, as internal and external monitoring becomes more vigilant and as punishments become more severe, criminals and others with malicious intent are turning their attention to smaller firms. This complacency about cyber threats is therefore a serious cause for concern.

This complacency certainly isn’t down to the fact that these companies don’t use connected IT devices. The UK’s smallest enterprises are increasingly reliant on the latest mobile devices and computing equipment, with two-thirds (68%) having internet-connected laptops, half supporting mobile and remote working, and a quarter (26%) allowing employees to use their personal smartphones for work.

Of course, these new technologies can offer immense potential for smaller firms. They can transform the way the business works, streamline business operations, boost productivity and strengthen customer relationships, all while improving interconnectivity and reducing IT complexity. However, they can also introduce new and possibly unexpected IT security vulnerabilities.

Between them, these devices hold confidential communications, customer, supplier and financial records, client work, designs, artworks and blueprints, appointment calendars and IP. All data that is considered critical is vulnerable to hacking, whether in a direct attack or in a stepping-stone attack aimed at reaching another organisation.

Despite these risks, many businesses do not appear to be adequately educated. Just one in four (28%) of the small business owners surveyed turn to an external IT professional for advice, while over a third (36%) try to sort any problems out themselves.

One in five turns to a friend and around one in 10 relies on a partner or parent. Although this may be sufficient for a consumer, retaining such a mind-set when running a business can prove fatal.

Although many small businesses show naivety when it comes to cyber security, they certainly appreciate how vulnerable they would be if an attack were to happen. A third (31%) admit they wouldn’t know what to do if they had an IT security breach tomorrow, almost half would struggle to recover all the data lost, and a quarter admit they would be unable to recover any data at all.

One in ten of those surveyed accepted that it would probably cost them their business. But the general consensus appears to be one of denial.


The problem is that smaller firms often lack the IT expertise and resources they need to understand and address IT security issues, or to keep up to date with the rapidly growing and evolving threat landscape.

So the IT security industry clearly needs to engage better with the growing number of successful and entrepreneurial business owners out there. With the guidance of the IT security industry, the risk level and threat landscape can be identified and proactively protected against before it’s too late.

This doesn’t mean that business owners need to become IT security experts. Most of the time, cyber security is the IT equivalent of remembering to lock all the doors and windows when you go out, making sure you have some additional protection for the things that matter and not leaving valuables where others can easily see and get to them.

Installing the right software and applying some common sense guidelines centred on secure access and sensible passwords, for example, will take businesses a long way.


Sourced from Kaspersky Lab


Ben Rossi
