Reliable cybersecurity, and avoiding cyberattacks, is essential for businesses of any size. The subject is so popular that it’s a standalone topic on Google News. Problem is, many small or medium businesses don’t consider it essential for them — it’s often seen as a problem for big businesses and enterprise, but that couldn’t be further from the truth. Media often perpetuates this; most of the digital ink is dedicated to attacks on larger global companies and organizations — meat processor JBS SA, Colonial Pipeline, Australia Telecom, Sinclair Broadcast Group, Inetum Group, Finalsite, Kaseya.
But here’s the thing: according to the U.S. Small Business Administration (SBA), “Cyber-attacks are a growing threat for small businesses and the U.S. economy. According to the FBI’s Internet Crime Report, the cost of cybercrimes reached $2.7 billion in 2020 alone.”
With 2022 underway, we wanted to take a look at the cyber threats facing small and medium-sized businesses, often referred to collectively as SMBs. We’ll also explore security practices and security solutions small business owners can use to be proactive in minimizing network vulnerabilities.
Cybersecurity and SMBs — The (Unfortunate) Numbers
In December 2020, Fundera, a subsidiary of NerdWallet that bills itself as “the go-to financial resource for every small business,” published “30 Surprising Small Business Cyber Security Statistics (2021).” A few that rise to the top are:
- Small businesses are targeted in 43% of cyber attacks.
- Of the small businesses victimized by cybercriminals, 60% go out of business within six months.
- In 2020 there was a 424% increase in new small business cyber breaches.
- Disaster recovery is costly: the average cost for a small business to restore normal business operations after an attack is $955,429.
Those are scary numbers, but additional statistics show that conducting a risk assessment of your business can help you identify and mitigate cybersecurity risks.
The Biggest SMB Cybersecurity Threats
The SBA points out that malware, viruses, ransomware, and phishing are the primary threats facing small businesses. Unfortunately, the numbers show that no business is too small for cybercrime. There are 32.5 million small businesses in the United States alone, and 50% reported being the target of at least one cyber attack in 2020.
It’s important to note that both viruses and ransomware qualify as malware. Fortunately, antivirus software has evolved since the Brain Boot Sector Virus, recognized as the first PC virus, was released in 1986. Most companies recognize the importance of using antivirus software and keeping it updated to avoid infection.
And while data backups are essential, there's much more to it than that. When it comes to ransomware, the National Cyber Security Alliance (NCSA) reports that “small businesses are more likely to be targeted with a ransomware attack … 46 percent of all small businesses have been the targets of a ransomware attack … nearly three-quarters (73 percent) have paid a ransom.”
The fourth threat, phishing, falls under the umbrella of social engineering. These attacks are one of the biggest cybersecurity challenges a business can face because they target, and manipulate, human behavior. The FBI’s Internet Crime Complaint Center (IC3) reported that phishing was the most common attack, by far, in 2020. This is attributed to the increase in remote work triggered by the COVID-19 pandemic. Remote workforces using BYOD devices, accessing apps and sensitive data on WiFi outside the company firewall, increased the number of network endpoints. These elements combined to disproportionately expand the threat landscape for phishing attacks.
There were 6.95 million new phishing and scam pages created in 2020, including 206,310 in a single month. Why do hackers with bad intentions like phishing? Because it works. And it works because business email, critical for day-to-day operations, is the threat vector used.
How SMBs are Targeted Via Email
The sheer volume of emails used to conduct business makes email an appetizing target for cybercriminals. Fundera’s report found that:
- 1 in 323 emails sent to small businesses is malicious.
- The median small business received 94% of its detected malware by email.
The first statistic is scary, but the second is proof that there are effective cybersecurity solutions available.
Phishing typically starts with an email that tricks a user into visiting what appears to be a safe website. That site is where login credentials or other personal data (like financial information) are obtained: once the user enters their login credentials on the phishing site, their username and password are compromised. OpenVPN Cloud with Cyber Shield, a built-in content filtering feature, helps curtail phishing attacks efficiently and effectively.
Why Passwords and MFA Are Important to SMB Cybersecurity
The average person has 100 passwords. Who can remember all of their passwords? Nobody. Granted, some of those passwords are redundant, or obvious. That’s why:
- Weak, stolen, or default passwords are the source of 63% of confirmed data breaches.
- A cyber attack tied to compromised employee passwords costs an average of $383,365.
The 2021 Remote Workforce Security Report found that employees are resistant to Multi-Factor Authentication (MFA) (35%) and password managers (26%). Their resistance isn’t rooted in malice; they simply want to get their jobs done as efficiently as possible. Although their intentions are good, the reality is that human error and system failure account for 52% of data security breaches.
As with phishing emails, a secure virtualized network can protect against data loss and IT infrastructure damage. OpenVPN Cloud gives network administrators the ability to require multi-factor authentication (MFA), a security measure that requires users to provide multiple forms of identity verification to access their account, without making secure access difficult for employees.
Don’t Neglect Threat Intelligence
SMBs can’t afford to skimp on network security. When it comes to budgets, experts recommend allocating a minimum of 3% of total spending to security solutions. Before you balk at that number, consider these factors:
- 3 out of 4 small businesses say they don’t have the personnel to address IT security.
- Getting to the source of how a cyber attack happened can cost $15,000.
Threat intelligence should continually evolve, but one way to build a baseline is reporting. The Traffic Reporting and Dashboards included with Cyber Shield deliver detailed statistics on traffic threats (malware, intrusion, DoS) as well as the device of origin.
Cyber attacks were projected to cause $6 trillion in damages to SMBs in 2021. While many of those companies operate lean, those that ignore the need for robust cybersecurity do so at their own peril. Economical, efficient cybersecurity is possible, even without full-blown IT departments. That’s why so many SMB organizations turn to OpenVPN Cloud for a flexible, scalable all-in-one network security solution.