A single cyberattack can be devastating for any business, but even more so for smaller businesses. In 2021, 46% of data breaches impacted small and medium-sized businesses (SMBs). In addition, the average cost of a single breach against SMBs increased from $101K in 2020 to $105K in 2021. In contrast, the average breach cost for larger enterprises fell between 2020 and 2021. It is incredibly difficult for small businesses to recover from a data breach: more than half of small businesses fail within a year of one.
The FBI has expressed concern about a recent wave of cybercrime against American SMBs. At CNN’s Small Business Playbook event in December 2022, FBI Supervisory Special Agent (SSA) Michael Sohn said that as large businesses invest more in cybersecurity, cybercriminals are turning their attention to the “soft targets” – the SMBs.
Why is this so?
More importantly, what can SMBs do to protect themselves from threat actors hell-bent on harming them?
Cybercrime and small businesses: The facts
SMBs are attractive targets for cybercriminals, mainly because these companies usually have small – or non-existent – cybersecurity budgets and teams. Consequently, they are not in a position to keep attackers out of their networks and systems.
In addition, smaller firms also have valuable digital assets that criminals are looking to compromise, steal, or even sell on the dark web for substantial payouts. In some cases, attacking an SMB can be a stepping stone for criminals to gain access to larger businesses.
Whether it’s a malware infection, a ransomware attack, or a brute force attack, a single event can have devastating financial consequences on the affected SMB. It can also damage the firm’s reputation, lead to increased customer churn, and leave them open to costly regulatory fines and legal liabilities. In the worst cases, the business’s very survival may be endangered.
Despite these alarming facts, a majority of SMBs are unaware of or unconcerned about their cybersecurity risks. Recent research by CNBC shows that only 37% of U.S. SMBs are concerned that they will be the victim of a cyberattack in the next 12 months. Only 4% believe cybersecurity to be the biggest risk to their business.
And these 4% are absolutely correct.
SMBs are vulnerable to a range of threats that can cause serious long- and short-term damage. These threats include:
- Malware and ransomware attacks
- DDoS attacks
- Man-in-the-middle (MitM) attacks
- Phishing scams
- Zero-day attacks
- Brute force attacks
- Insider attacks
- Advanced persistent threats (APTs)
Furthermore, the threat landscape is constantly expanding, so SMBs may be vulnerable to more and newer threats each year. For this reason, they must act now to secure their networks and prevent – or at least mitigate – cyberattacks.
Vital cybersecurity strategies for SMBs
FBI’s Michael Sohn believes that many recent cyberattacks against SMBs could have been prevented if the affected firms had followed some basic cyber hygiene practices, many of which can be implemented quickly and at minimal cost.
The most effective strategy is to implement next-generation multi-factor authentication (NGMFA) using a biometric solution like Token Ring.
SMBs must ensure their employees use only reputable hardware and software, and it is crucial that their team regularly audit these assets across the company. Doing so can help to curb “Shadow IT”, a phenomenon where employees use digital assets that are not IT-approved or -vetted and might include vulnerabilities that put the entire organization at risk.
It’s also important to ensure that all devices and software are updated with the latest patches so that they are protected as fully as possible. Reputable antivirus, antimalware, and firewall software can help protect the SMB from damaging viruses, malware, and other threats.
Other critical security measures for SMBs are:
- Encryption software to protect sensitive data from unauthorized or malicious parties
- Data backup solutions to ensure that business-critical information can be recovered in case of a data breach
- Employee awareness campaigns to educate employees about cyber risks and their role in strengthening the company’s cybersecurity strategy
- Ongoing cybersecurity planning to prepare for cyberattacks with appropriate response and mitigation strategies
Many SMBs assume that they are not at risk of cyberattacks because they are “below the radar” for hackers. With the increasing use of bots, AI, and Cybercrime-as-a-Service, this is no longer the case. By the time they realize their mistake, it’s often too late. As recent history shows, the frequency of cyberattacks against SMBs has increased and a single such event can have devastating consequences for the affected company. That’s why SMBs must strengthen their cybersecurity defenses. One of the most effective ways to do this is with biometric MFA.
A biometric and passwordless next-generation MFA solution, like Token Ring, provides the strongest protection against ransomware, data breaches, and many other security threats. With Token Ring, SMBs get all the benefits of MFA while their employees get easy passwordless login support in a single step.
To learn how Token Ring is changing the authentication landscape with wearable MFA, talk to an expert.