Skip to content

Small businesses often in ignorance of cyberattacks

Nearly 60% of small businesses have been victims of a cyberattack over the past year, but the vast majority did not realize that they had been attacked, according to
The third annual Nationwide poll, released Monday.

The insurance company operated 1,069 companies with fewer than 299 employees for the study. Initially, only 13% of the participating companies reported being victims of a cyberattack. However, after being shown a list of types of cyber attacks – ranging from phishing scams to Trojan horses to ransomware – this figure reached 58%.

"Cyber ​​attacks are one of the biggest threats to modern business," said Mark Berven, Nationwide's president in damage insurance. "Business owners tell us that cybercriminals do not just attack big Wall Street businesses."

Targeted companies often have fewer cyber defense systems, less money to invest in protecting against threats and less name recognition threatened by a breach.

The most common forms of attack, based on the survey, were computer viruses, cited by 36% of respondents. Then come the phishing attacks, cited by 29%, then the Trojans, cited by 13%.

Lack of preparation was a major problem for the companies surveyed. About 57% of companies did not have dedicated tracking of employees or vendors for cyberattacks in place. About 76 percent had no plan to deal with such attacks. Fifty-seven percent had no employee data protection plan and 54 percent had no customer data protection plan.

The recovery of cyberattacks in many cases was slow and expensive. About 20% of victims of cyberattacks spent $ 50,000 and took more than six months to recover, while 7% spent more than $ 100,000 and took more than a year to recover.

See also  The eve of the Autonomous Driving Revolution

Money issues

Cyber ​​attacks usually steal credit card information from companies whose customers make purchases, notes Karen Johnston, a technical consultant at Nationwide. that a lot

They also steal personally identifiable information – such as addresses, names, and social security numbers – that hackers can use to apply for new credit cards or loans, she told the E-Commerce Times.

Small businesses need to ensure that their systems have adequate antivirus and firewall protection and that their systems are password protected and correctly patched and updated with the latest information. versions of antivirus and operating software.

Companies must also have up-to-date backups of their critical systems and customer data, and consider having cloud backups of that information, she suggested.

In addition, most small businesses do not have adequate cyber risk insurance, noted Mr. Johnston – or they think they are covered by existing trade policies while They are not.

Missing protections

With their limited resources, small businesses tend to be more vulnerable to cyber attacks than larger companies.

"Small businesses are one of the most risky sectors of the market, in part because their data is just as valid for an attacker and simultaneously their protections are significantly higher than what you would see in a market middle. "The company," explained Kevin O. Brien, CEO of GreatHorn.

Cyberthieves are likely to sell all the data they find on the Dark Web, and the price per item will likely be the same, if the firm that was raped was a Fortune 500 or a much smaller company, he told E-Commerce. Times.

See also  Facebook takes steps to restore trust

The majority of attacks still arrive via email, but there has been a recent surge in mobile and social attacks, Ryan Kalember, vice president of cyber security strategy, said.

Technological firms and companies with complex supply chains, such as manufacturers, are more frequently targeted, with about 40 email fraud attempts per organization, he told the E-Commerce Times .

"Small businesses can be a great place for cyber criminals: they have more money to steal than a consumer and less security than a big business," said Kevin Haley, Director of Security Response at Symantec.

"They also often depend on third party suppliers for their technology," he told the E-Commerce Times. "Meanwhile, cyber criminals may very well specialize in violating a technology or solution and forging a path through the small businesses that use it."

David Jones is a freelance writer based in Essex County, New Jersey. He wrote for Reuters, Bloomberg, New York Crain Affairs and The New York Times .