Why Small Businesses Are Targeted by Cyber Criminals More Than Large Businesses
A lot of smaller businesses assume they fall beneath the radar when it comes to cyber crime, but they are actually attacked by hackers 3x more than larger ones.
Large enterprise businesses hold a lot more sensitive data, have higher cyber insurance policies and will often pay more to recover stolen data, so it’s easy to assume that hackers would target bigger businesses more than small ones. However, a new study by cyber security firm Barracuda Networks debunks this myth. The report analysed millions of emails across thousands of organisations and uncovered an alarming statistic – employees at small companies (100 employees or less) see 350% more social engineering attacks than those at larger companies.
Why are smaller companies targeted more?
Small companies tend to spend less on cyber security.
When you’re running a small business, it can be often be a bit of a juggling act when it comes to prioritising expenditure. Although many business leaders will acknowledge the importance of cyber security, it may not be at the top of their list.
Hackers are well aware of this fact and will know they need to do a lot less work to get a pay-out than they would trying to hack a large enterprise organisation.
Every business has ‘hack-worthy’ resources
Every business, even a one-person shop, has data that’s worth something to a cyber criminal. Credit card numbers, SSNs, tax ID numbers, email addresses, even Spotify accounts! They can all earn bad guys money on the dark web.
Small businesses can provide entry into larger ones
If a hacker can breach the network of a small business, they can often use that to make a larger score. Many small companies provide services to larger ones; digital marketing, website management, accounting, procurement etc. Vendors are often digitally connected to certain client systems. This type of relationship can enable a multi-company breach.
Small business owners are often unprepared for ransomware
Ransomware has been one of the fastest-growing cyber attacks of the last decade. 71% of surveyed organisation have experienced ransomware attacks in 2022. The percentage of victims that pay the ransom to attackers has also been increasing, with an average of 63% of companies paying the attacker money in hopes of getting a key to decrypt the ransomware.
Due to the rising success of ransomware attacks, many more criminals are venturing down this route. Those newer to cyber crime will often target smaller, easier-to-breach companies in the first instance.
Employees at smaller companies may not be as well trained in cyber awareness
Cyber awareness training can be difficult to prioritise ahead of all the other things on the list, especially for smaller organisations that can find it harder to take employees away from their desks. The problem with this though, is that human error opens businesses up to cyber risk more than any other factor.
In the majority of cyber attacks, the hacker needs help from the user, and if the user isn’t trained in how to spot suspicious emails, they could be the key to a successful cyber attack. Successful phishing attempts cause over 80% of data breaches. Teaching employees how to spot these ploys can significantly increase your cyber security.
