Why Small Business is a Bigger Target for Cyber Criminals

small business securityWhen you think about cyber crime, you might think of identity theft. Or you might think about major security breaches that have hit big-name corporations, such as the PlayStation security breach. In actuality, there are dozens of security breaches happening every day, affecting small businesses, individuals and major companies. While you don’t hear about small business security breaches as frequently, they’re one of the biggest targets for cyber criminals.

Small Business Represents Big Chunk of Security Breaches

There’s a clear trend among hacking and cyber crime targeting small businesses. Verizon recorded a total of 621 security breaches in 2012—nearly half of which targeted companies with fewer than 1,000 employees. About 31 percent, or 193 of the 621 breaches, targeted businesses with fewer than 100 employees.

Other reports confirm this trend. A report by Symantec, for instance, found that cyber attacks on businesses with less than 250 employees comprised about 31 percent of total security breaches in 2012. And it’s a trend that’s been consistent for the past six years.

Why is this happening? Often, small businesses simply don’t have the financial means to obtain high-end security precautions capable of protecting every end point and every area of the perimeter. Large corporations are upping the security ante with massive investments in sophisticated security technology to create an iron-clad network capable of warding off today’s advanced hackers.

Among small businesses (those with less than 250 employees), however, 83 percent have no formal cyber security plan in pace, according to data from the National Cyber Security Alliance. Sixty-nine percent don’t have a security plan in place at all.

Increased Reliance on the Internet

Enterprises of all sizes are relying more heavily on the Internet to conduct day-to-day operations than ever before. The same reliance on connectivity that makes it possible to conduct business across what were formerly physical or geographic constraints opens up a window of opportunity for hackers.

The Internet isn’t new, yet employees and individuals unknowingly take actions online that can provide a prime opportunity for cyber criminals to gain access to various accounts, and even to authorized areas of a company’s network. Too many small businesses fail to adequately protect themselves under the misguided belief that cyber criminals are going after the big dogs.

Small Business is a Stepping Stone

For some hackers, small businesses are just a stepping stone to work their way to larger targets. And in some cases, successfully breaching a small company’s network provides an inroad to the larger corporations those small businesses serve. One common practice is to use a small business website as a baiting mechanism to obtain information from larger companies or gain access to a larger entity’s network.

But even small enterprises can be a valuable target for cyber criminals. Whether it’s financial information, proprietary competitive data or even money in the bank, today’s small businesses are accomplishing big things, making them increasingly attractive to hackers. While the financial rewards for a single breach might not be as attractive as a massive breach on a major corporation, the ease of hacking smaller companies means the difference can be readily made up by conducting several hacks on smaller organizations.

As small business continues to be a viable and easily accessible target for cyber criminals, it’s critical for smaller companies to take a proactive approach to protecting their data. It only takes one mistake to set in motion a series of events that would allow hackers to infiltrate your entire company network. Whether financial gain is the goal or a personal challenge, hackers aren’t passing small companies by.

Additional Sources:



About Fergal Glynn

Fergal Glynn is the Director of Product Marketing at Veracode, an award-winning application security company specializing in securing the software supply chain and other security breaches with effective risk assessment tools.