Did you know that 43% of all cyber crime is directed towards small businesses? This is due to a number of factors, but mainly because a majority of small businesses still refuse to take a proactive approach when it comes to cybersecurity. As long as SMBs are willing to sit back and allow hackers to target them, the number of attacks on small businesses is only going to continue to increase.
What Happens When a Small Business Gets Attacked?
The sad reality is that while large enterprises can weather the storm of litigation and loss of public trust that follows a successful cyberattack, most small businesses have no choice but to declare bankruptcy and close for good.
The average attack now costs small businesses $200,000 to recover from. In 2020, with many SMBs already feeling a loss of income from COVID-19, a $200,000 loss that comes out of nowhere is too much for many businesses to bear.
Most Common Small Business Cyber Attacks
With companies of all sizes now depending on data-driven websites, it's no surprise that SQL injection attacks have become a very popular way for hackers to attack small businesses.
An SQL injection attack occurs when a hacker gets an SQL query of their own executed against a business database by delivering it from a client to the business server inside input data.
If that's too technical to worry about, just focus on what a successful SQL injection attack can do: it allows hackers to read, steal, modify, update or delete business data. They can run SQL commands to shut down a database, recover content from deleted files, or take control of the whole operating system by executing new commands.
Think of it like having a bad guy become the new super admin over all your company's data. Scary stuff!
At PTG, we use a coordinated proactive approach to fighting SQL-based attacks that uses technology from Arctic Wolf, Microsoft Azure ATP, and the ongoing proactive mitigation of our own in-house cybersecurity engineers.
Two good questions to ask your IT provider would be: Do you ever delay or neglect opportunities to patch our SQL-based systems? And what do you use to identify and prevent potentially harmful attempts to access our databases?
Phishing and Spear Phishing Still Top Small Business Attacks
By this point, everyone reading this has probably been sent a phishing email, or hundreds. The reason phishing is so common (70% of all types of attacks rely on it) is that people keep clicking on malicious links in emails.
The two reasons behind a phishing attack are to gain access to sensitive information or to influence a person into doing something (like sending money somewhere).
The malicious links used in phishing emails either download malware, with or without the user's knowledge, or direct the user to a fake landing page in order to steal their login info.
Spear Phishing becomes even more specific. Hackers spend time researching and gathering information on their targets in order to send an email that is very targeted and highly personal. They can make the email appear to come from someone the user trusts (like their manager) or pass off a clone of a page the user frequently uses in order to intercept their login information.
Spear Phishing attempts take more time to pull off, but that's also why they are more successful (90% of businesses face spear phishing attacks and 86% of small businesses have had some of their emails compromised).
It is critical to educate employees on what Spear Phishing attacks can look like to decrease the chance that someone will fall for a targeted scam. Both regular phishing and spear phishing require some type of human error in order to be successful.
A bad guy's phishing success rate can drop significantly when small business employees are regularly sent phishing tests to educate them on how to identify potential scams.
Malware Infecting Small Businesses Comes in Many Forms
Phishing, Spear Phishing, and even SQL injection attacks can all be used to spread malware on users' devices. Not all malware is malicious. Malware is technically any unwanted software installed on your device or system without your permission.
However, when malware starts spreading from one user's device to many within a business, the results can be devastating.
An escrow company in California recently had to close its doors and lay off all of its staff when malware was used to steal 1.5 million from the corporate bank account. The funds were wired overseas to Russia and China in three separate transactions. The company was able to recover one of the transfers, but not the other two.
Trojans, viruses, infected files, and ransomware are all used frequently to target small businesses.
Most small businesses that get ransomware have few options but to pay the hackers and hope for the best. 76% of small businesses that become ransomware victims pay between $10,000 and $50,000 to attackers, with no guarantees that the encrypted data will be recoverable.
This is why it's so important to have secure, tested backups of all sensitive business data.
Stop Scaring Me, What's The Good News?
The good news is if you're already a Microsoft 365 user, there are many AI-based security tools available (like Advanced Threat Protection) that can protect your business from many of these threats. You just need an experienced Microsoft Partner to show you how to turn them on and configure them properly.
You can also easily get additional protection for cloud data that works and is very cost effective, for example PTG's cloud security add-on for Office 365, which starts at only $2 per user.