Globally, cybercrime rates are climbing rapidly. Hackers are constantly finding new and elusive ways to take advantage of internet users, both at home and at work. For companies of any size, protecting the business from cyber threats is now an essential part of operation and one that is not to be underestimated. However, many business leaders are still not dedicating enough of their time and money to prevention, which could be catastrophic for smaller enterprises.
Between 2017 and 2018, the number of reported crimes increased by 16%, double that of the increase between 2016 and 2017. The cost to all Americans has also almost doubled in the same period, with losses rising from $1.4bn in 2017 to $2.7bn in 2018. The average cost of a security threat to small businesses stands at around $200,000 but the cost per employee is even more significant. For businesses with 9 employees or fewer, the cost is around $400 per employee while organisations of 250 or more suffer a loss of around $25 per employee. Facing these challenges, small business owners need to make cybersecurity a higher priority or risk losing everything.
While the news has recently been filled with stories of major data breaches from leading companies like Facebook, Apple, Amazon, Equifax and Marriott, it is not the case that these kinds of catastrophes only strike big businesses. 43% of cyber attacks target SMEs and reportedly on 14% are adequately prepared to handle them. Though cybersecurity is still an emerging and ever-changing discipline for many, its importance grows with every year.
The Internet Crime Complaint Center’s (IC3) 2018 cybercrime report highlights a number of crimes which specifically affect businesses as being significant threats of 2018. These include personal data breaches, extortion, business email compromise and payroll diversion. The strategies used by cybercriminals are diverse, complex and highly manipulative. Business leaders should be aware of these threats and how best to combat them to ensure the safety of their business and their clients’ data.
Personal data breaches
Data breaches make up one of the fastest-growing forms of cybercrime nationally. The number of reported data breaches has grown by more than 60% in the last year and over 150% in the last 4 years. There were an estimated 4.1 billion records exposed in the first half of 2019 alone, with 3.2 billion of those exposed in just 8 breaches. The cost of a data breach goes beyond the cost of recovery – threats include a loss of reputation and revenue as well as any claims put in by affected clients.
For this reason, a data breach of any size could still have dramatically damaging effects on a small business. To protect against data breaches, the key is robust preemptive protection and regularly testing and updating cybersecurity systems. Cyber insurance can also help manage the cost of claims in the event of a breach.
Extortion
Some of the most common forms of online extortion affecting businesses include ransomware and Denial of Service (DoS) attacks. For most businesses, the cost of paying out a ransom seriously affects finances, but the alternative – losing or leaking clients’ sensitive data is equally as harmful. Small businesses make up 71% of ransomware victims and the cost of an attack is $2,500 on average. Backing up data using separate servers will help protect losses as this ensures as little data lost as possible without having to pay the ransom.
DoS attacks intend to make a machine or network resource unworkable either temporarily or completely. This involves flooding the network or machine with malicious traffic so quickly that the machine is unable to respond and eventually crashes and is often carried out to gain a ransom. Internet service providers often have the ability to avoid these kinds of attacks by distributing the traffic across their servers, protecting the machine from complete shut down. This can help save data, protect productivity and avoid the requirement of a ransom payment.
Business email compromise
Business email compromise is closely related to phishing in that these attacks attempt to spoof or hack email accounts of a member of the company, using the compromised identity to manipulate other members of the team into authorising bogus finance transfers or giving away sensitive information.
Hackers will use social engineering strategies which prioritise the authority, urgency and threat to persuade victims into making mistakes without properly considering the reality of the request. Giving staff regular cybersecurity training and ensuring all those involved in the fund transfer process understand exactly what will be expected of them will help reduce the chances of falling victim to this type of crime.
Payroll diversion
There were only 100 reports of payroll diversion in 2018 but the cost to Americans was $100m in total. Cybercriminals use phishing techniques to steal employee login details, redirecting their salary to a new account. Payroll diversion highlights the importance of staff vigilance and evidences the lack of serious consideration for cybersecurity in many workplaces. 90% of cyber incidents occur due to user interaction so ensuring that all staff understand their important role in keeping the business safe is imperative to stopping the successes of cybercriminals.
Cybersecurity should be one of the most important considerations for a modern business. The implications of a cyber attack can be devastating for a small or fledgling business so preventative measures should be vital no matter the size or scale of the company. Researching and staying up to date on common cybercrime strategies and ensuring software and training is implemented to prevent it could be the difference between success and ruin for small business owners.