InSight

Cyber Crime and Small Business: Should I Be Worried?

Written by Winter-Dent | Apr 26, 2021 2:09:00 PM

As you are planning your budget and making your business plan, there is one more reality you need to take into consideration...cyber crime. What used to be a frustrating annoyance is now a full-blown concern with potentially dire consequences. And the need for commercial cybersecurity is increasing, not decreasing. So the question we're asking in this blog is...should you be worried?

Cyber Crime started in the 1970’s as a way for technologically savvy criminals to hack the phone systems at Bell Telephone company, impersonate phone operators and get free long distance phone service. Since then, it’s grown and evolved significantly. In 1986, Congress passed the Federal Computer Abuse and Fraud Act, making computer tampering a felony. Since then, as advances in technology have grown...so have hackers’ skills. 

In a single month in 2020, a number of significant cyber breaches that make the headlines:

  • A 16-yr old in Massachusetts and a 17-year-old in Florida managed to hack and shut down the Twitter accounts of Kanye West, Bill Gates, and other celebrities.
  • North Korean hackers shut down the Israeli defense industry.
  • A 16-year-old junior in high school was arrested for a cyberattack that shut down schools in Miami-Dade.
  • The public schools in Hartford, Connecticut were shut down by a ransomware attack.

Cyber crime is real. It's increasingly common. Personally, who among us hasn’t hasn't received a notice at least once from their credit card company or from Facebook that their personal information has been hacked? From identity theft for individuals to major threats of espionage in large corporations, no one is exempt from the risk. It’s especially important for small to mid-size businesses to take cyber crime seriously and do more to protect themselves. 

Keeper Security's most recent SMB Cybersecurity Survey found that 66 percent of decision makers at small businesses believe that cyber criminals won't target them. The survey also found that 60 percent of small businesses have no plan in place for protecting their digital assets.

This is a serious mistake.

The 2020 Data Breach Investigations Report from Verizon tells us that 43 percent of cyberattacks are directed at small businesses. The average ransomware demand is just $1,000, but the total cost of a full cyberattack on a small business averages around $200,000.

And there is one more important statistic from the Verizon report that demands attention:

Slightly over 60 percent of small businesses that go through a cyberattack go out of business in six months. Accenture and Ponemon Institute conduct annual studies to calculate the cost of cyber crime. They estimate that cyber criminals will cost businesses $5.2 trillion over the next five years. Big businesses can deal with the financial ramifications of cyberattacks. But small businesses can't. Here's an example.

How Can a Cyberattack Put a Small Business into Bankruptcy?

A small auto parts company in Colorado was doing great until one day one of their employees downloaded what they thought was an update to their parts catalog. It was actually a Trojan horse called Cryptowall. The Trojan horse in just a few milliseconds found the company's accounting software. In less than 10 seconds it exposed customer names and addresses, customer credit card numbers, EINs, TINs, and Social Security numbers.

That wasn't all.

The company kept its information on a network drive, so Cryptowall encrypted all of their accounting data so the company could not access it. Then the demand came to send the hackers $50,000 for a decryption key. They went out of business just six weeks later.

Do We Have Your Attention?

At Winter-Dent, we can offer you cyber insurance that covers your downside for cyber attacks. But we really prefer that you don't have to use it. 

It’s important to understand what tactics cyber criminals are using currently so that you can be aware: 

  • Phishing is the practice of sending fraudulent emails that appear to be from legitimate senders to get you to give up personal information or access to your computer system.
  • Bricking is making your computer or smartphone impossible to operate until you pay a ransom to access it.
  • Cyber extortion is demanding money to access your own data or keep it private. (Please review what happened to the auto parts company, described above.)
  • Hacking and data breaches are intrusions into your computers, computer networks, or presence in the cloud. Both extortionists and business competitors may hack your computer systems.
  • Identify theft is posing as you over the Internet or in credit applications, bid submissions, or legal filings.
  • Social engineering is the use of deception to induce you or your employees to give up important data.
  • Cryptojacking is taking over physical machines, networks, or cloud accounts.

Cybercrime is definitely a risk. And with any risk, there are preventative measures you can take to minimize the likelihood that an event will occur...and when it does, to mitigate the impact it has on your business and your customers. So back to the original question...should you be worried? The answer is...if you're not prepared...then yes.