Small businesses are an easier target for cybercriminals than larger businesses

Kye Parkin
Communications Executive | Business West
12th January 2017

Sony, Yahoo, Tesco and even the CIA - the list of large corporations and governmental bodies to have suffered at the hands of online fraudsters, hackers and cybercriminals in recent years is growing.

Data breaches, DDoS attacks, phishing and whaling scams targeting household names are becoming an all too familiar story, and we are all well aware of it by now.

For example, a shadowy gang of cybercriminals - motivated by financial greed or political gain - identifies a high profile target vulnerable to an attack and proceeds to inflict maximum reputational damage by posting their customers’ details online, whipping up a media frenzy in the process.

As scary as this is, the image of cybercrime that we have in our minds is at odds with the vast majority of crimes committed by your average cybercriminal.

Large scale data breaches such as these are extremely rare when compared to the far less sophisticated (but much more common) attempts to coerce employees into opening attachments infected with viruses or clicking on malicious hyperlinks that spread Trojan horses for example.

Nevertheless, the consequences of these attacks are no less severe.

Numerous reports confirm that it is SMEs, not larger firms, who are disproportionately targeted by cybercriminals.

Let me enter the mind of the criminal for a brief few moments to explain why.

Larger organisations tend to have large well resourced IT departments, which incorporate dedicated teams of cybersecurity professionals, who split their time between boosting their company’s defences and finding potential loopholes - the so-called practice of ‘ethical’ hacking.

In contrast, SMEs on average employee 3-4 dedicated IT staff - most of whom are support technicians, qualified to troubleshoot usability complaints and bugbears, not take on committed cybercriminals.

Among the smallest SMEs, of course, the number of dedicated IT staff tends to be zero, exacerbating the online threat even further.

Given the chasm which separates bigger businesses from smaller players when it comes to their cybersecurity defences, it doesn’t take a criminal mastermind to figure out that less high profile victims way down the corporate pecking order offer much richer pickings for cybercriminals.

In fact, so ubiquitous has the online threat become, that less than two weeks into the New Year, we have already seen a tsunami of case studies, reports and whitepapers published that offer stark warnings to small businesses.

And some of the statistics are truly shocking:

  • 230,000 UK businesses targeted by cyber criminals in 2016
  • You are more likely to be a victim of cybercrime than street crime
  • In Gloucestershire alone  over £250,000 worth of financial losses are recorded every month
  • Cyber attacks topped the 1,000 per business per day mark in November and December

Up against such mind boggling figures as these, small business owners should be under no illusion that cybercrime does not or will not affect them. Quite the contrary. The reality is that we are all targets.

Be that as it may, small businesses can take heart from the fact that the debate is now out in the open and that help is on hand.

The government’s Cyber Streetwise campaign, launched in 2014, is an excellent initiative designed to raise awareness of everyday online threats and how to avoid them.

Online tools such as Owl Detect and HaveIBeenPwned? allow small businesses to check if they’re the likely victim of a data breach, and security software for smartphones has come on leaps and bounds in recent years.

Do you want to join the conversation?

Sign up here