- Nathalie Jimenez
- BBC Business Correspondent
Things were relatively slow when Elana Graham started selling cybersecurity software to small businesses five years ago.
Now, demand is booming with the rapid proliferation of remote work, which leaves these companies vulnerable to attack.
Graham’s company’s turnover tripled reached an all-time high since the beginning of the year.
“It was total denial. ‘This is not going to happen to me. We are too small’. That was the message I heard overwhelmingly five years ago,” says Graham, co-founder of Canada-based CYDEF. “But yes, it happens,” he says.
Cybercrime is expected to cost the world US$10.5 trillion by 2025According to cybersecurity research firm Cyber Ventures.
If the current trajectory continues, small businesses will get most of the impact.
Cloud security company Barracuda Networks has found that they are three times more likely to be hacked by cybercriminals than large organizations.
And the risks skyrocketed during the pandemic.
The effect of deadlocks
Cyber attacks against small businesses between 2020 and 2021 increased by more than 150%According to RiskRecon, a Mastercard company that assesses companies’ cybersecurity risks.
“The pandemic has created a whole new set of challenges and small businesses weren’t ready,” says Mary Ellen Seale, executive director of the National Cybersecurity Society, a nonprofit that helps small businesses create cybersecurity plans.
In March 2020, at the height of the pandemic, a survey of small businesses by CNBC revealed that only 20% planned to invest in cyber protection.
Then the covid-19 restrictions came into play and businesses struggled to move their operations online.
Working remotely meant: More personal devices such as smartphones, tablets and laptops have access to sensitive corporate information.
But the restrictions have strained budgets and limited the amount companies can spend to protect themselves. Hiring expensive experts and acquiring the necessary cybersecurity software was often out of reach.
The result was a weak cybersecurity infrastructure ripe for hacking.
Low Risk, Big Payoff
“Most attacks now target them because criminals know that larger organizations do a pretty good job of protecting their infrastructure. The weakest link is small businesses. And it’s really easy to get in there,” Seale says.
For potential criminals, such attacks involves low risk and high rewardbecause they are less likely to attract the attention of authorities, and often companies themselves.
Yoohwan Kim, Professor of Computer Science at the University of Nevada (Las Vegas), states: as usual gets 200 days from the moment of the attack until it is discovered. In most cases, customer complaints are what alert companies to a problem.
Also, with a hacked supplier, criminals can gain access to networks of organizations higher up the supply chain.
“Big business depends on small business. It’s the lifeblood of America, and we need a wake-up call,” says Seale.
small businesses Represents over 99% of companies in the US. and they employ nearly half of all Americans who play a critical role in the global economy.
Who says they are like “Achilles heel” of economics.
“They may be small companies, but what they sell to big companies can be very important. If they get hacked, [su producto] It won’t go into supply chains and everything will be affected,” says Kim.
Cyber attacks can be devastating for small businessesThis results in exposure to legal costs, investigations and disclosures to regulatory authorities, as well as the removal of their products from their supply chains.
The National Cybersecurity Alliance estimates that around 60% of small businesses shut down within six months of an attack.
“The cost can run into the thousands of dollars. Some companies can’t afford that kind of money,” says Kim. “They can’t handle it.”
But while small businesses are the most vulnerable, Graham says: most cybersecurity tools are built for big companies often difficult to understand and set up without a cybersecurity expert on your team.
“It’s a big challenge for small businesses that don’t understand what these people are trying to sell them,” he says.
Experts say there are simple steps small businesses can take to improve their protection, such as establishing basic response plans and identifying what and where critical data is.
Moreover Because the vast majority of data breaches are caused by human error, it is important to train employees on how to prevent and detect attacks..
According to the Federal Bureau of Investigation (FBI), attacks in which cybercriminals hacked commercial emails were the most costly cyber threat, with $1.8 billion in losses reported during the pandemic.
Also known as bait hookthese attacks perform a targeted attack in a specific way, unlike more traditional strategies such as spam that reach a large number of people.
Graham describes the tool as “the new frontier in criminal activity” and says it has become the most common type of cyberattack faced by its customers.
But Seale says companies shouldn’t despair.
“The most important thing is to convey to small businesses [la noción] which is not useless. This is not an insurmountable task.”
You can now receive notifications from BBC Mundo. Download and activate the new version of our app so you don’t miss our best content.
#Achilles #heel #economy #billions #dollars #lost