Large, well-fortified organizations and enterprises may not be as attractive to data thieves as they once were. You can thank better training, bigger IT budgets and more effective security measures for this welcome bit of news.
Things are less rosy for small companies, however.
Shrinking budgets, limited resources, and lax or outdated security practices have now made SMBs the hacker’s preferred cyber-target, says a recent New York Times post — a vulnerability confirmed by recent industry stats.
Symantec, for example, estimates that 60 percent of cyber-attacks are now aimed at small businesses. Verizon recently reported that 70-plus percent of all data breaches were waged against firms with 100 or fewer employees. And though estimates vary about the monetary cost of data loss, experts agree even a relatively small-scale attack can be fatal for smaller companies.
Ransomware: The Weapon of Choice
These days, “Credit card numbers are harder to monetize,” observes Intel Security Group GM, Christopher Young. Thieves have to obtain the numbers and sell them to others before they can make a profit. Ransomware, on the other hand, is “high volume and requires no middleman,” Young says. Once employees click on a malicious link — which they do at an alarming rate — hackers gain the entry they need to hold company data hostage, and demand bitcoin or other forms of payment.
In a related development, researchers at security software vendor Kaspersky caution that spearphish attackers are (again) actively using Microsoft Office Suite macros in email attachments (masquerading as scanned documents), to spread banking malware and Trojans.
Small Companies in the Crosshairs
The main takeaway from the Times post is that no company is too small to be hacked. Just like street thieves, cyber crooks target those whom they perceive to be weak and defenseless. To protect your company and its data, contact an IT Managed Services Provider (MSP) today. MSPs are on the forefront of security planning and technology, and can help you develop an integrated strategy that includes creating a security checklist, reversing bad password habits, training employees, and reducing liability after a breach.