Cybercrime is everywhere. We know it and you know it, but deep down, many of us still think we’re either too small or too unimportant to be a target. Think again. You were never safe from cyber criminals, but when the new year rolled into March and COVID-19 became the only news, your small business moved to the front of the cyber criminal’s hack-line.
It was a sweet day for hackers when mandated closures resulted in immediate transitions to virtual work. The shift was rapid and often took place without the protections of the office in place, and that played right into the hands of cyber criminals. By April 16th, thehill.com reported that cybersecurity complaints to the Federal Bureau of Investigation (FBI) were 3 to 4 times higher than prior to COVID-19, with small businesses being the hot target.
Let’s do a quick reality check. Fact: Over 60% of cyber attackers target small business. Why? Because most hackers bank on volume and there are a lot of small businesses out there. According to Small Business & Entrepreneurship Council data, in 2016 there were 5.6 million “employer firms” in the United States. Companies with under 20 employees, including self-employed folks with no staff, accounted for 98% of those businesses. That’s a lot of small businesses that traditionally don’t invest as much in cybersecurity measures as enterprise organizations do, and that are more vulnerable than ever to an attack.
Take a phishing attack, for example: You’re the bad guy; you have a list of 100,000 email addresses and send out a sophisticated phishing email. If only 1% of recipients click on something in the email, you have 1,000 people on the hook. In reality, it’s better for hackers than that. The recipient click rate on phishing attacks for small business is around 30%, so that number in our little example just blossomed to 30,000 clicks!
For the sake of this example, let’s stick to our very conservative 1% click rate, and you’re still the bad guy. Imagine you launch a ransomware attack against these 1,000 people and ask for $2,500 from each of them. (According to Comparitech, that is the average loss for a small business.) $2,500 doesn’t sound too bad, does it? It’s a lot of money, but probably bearable for most businesses to get their data back and not have to close down. Well, surveys estimate that 40% of ransoms get paid. So, if 400 victims pay a $2,500 ransomware fee, you just earned a whopping $1,000,000. Go buy yourself a new Porsche!
And the cost to you? Next to nothing. Ever wonder how much emails cost on the dark web? Check out this report by VPNOverview. In the MyFitnessPal breach, our 100,000 records would have cost us less than $10—$7.60 to be exact. Sure, those were probably personal email addresses included in the list, but if an owner or employee checked their personal email from their work device, game on, small business. And remember, only a minimal success rate is needed to make this scheme work because it’s a numbers game. So you think your business is too small to matter? It’s not when it’s all about volume.
Bad guys (not you, you’re a good guy again) don’t care about what they are stealing; they care about making money. If they can’t sell it for a profit on the dark web, they will, well, extort it, like in the example above. It wasn’t the data that mattered; it was a business owner willing to pay ransom to get it back that mattered.
So maybe you think your data is not important to anyone. The real question is, how important is your data to YOU? Do you need it to run your business? If the answer is yes, then it’s important to a cybercriminal.
Know where you stand. Check out this cybersecurity GUIDE and give us a call. We can do a quick scan on your system and let you know where you stand. Let’s talk!