Adversaries don’t discriminate

Why SMBs need to think like a major corporation when it comes to cybersecurity

Cybercrime is the fastest growing criminal activity in the U.S. and it’s predicted to cause damages totaling $6 trillion USD globally in 2021. This growing trend was only exacerbated by the 2020 pandemic where more people were working remotely and taking advantage of cloud-based systems, and hackers were more active than ever before.

Criminals are on the attack—and they’re running the jungle

As IT architectures become increasingly complex, so have hackers’ strategies, making it extremely difficult for smaller businesses to secure their systems. While hackers launch thousands of automated attacks, these businesses are struggling to find the resources and talent needed to keep up with modern security best practices. So, they make compromises that ultimately leave gaps in their security, which hackers inevitably find and exploit. 

Weak or non-existent security strategies make smaller businesses an appealing target for cybercriminals. According to CNBC, only 14 percent of small businesses are prepared to defend themselves against a cyberattack, which is likely why 43 percent of cyberattacks target small businesses. What’s worse is that SMBs are less likely to recover from a data breach.

Roughly 83 percent of cyberattacks are financially motivated—which shouldn’t be surprising. What’s frightening is how costly they can be. While the Hiscox Cyber Readiness Report of 2019 found the average cyberattack cost a business $200,000, a 2020 report by Ponemon Institute and IBM puts that number closer to $3.86 million. And according to the National Cyber Security Alliance, 60 percent of companies that have experienced a data breach go out of business within six months. While these numbers are staggering for even the most monolithic companies, they are devastating for smaller businesses.

Here are a few examples of cyberattacks from recent years that affected businesses of all sizes.

• Marriott: The international hotel chain has experienced two major data breaches in two years, the second of which resulted in hackers acquiring information about 5.2 million guests. This breach started when hackers obtained the login credentials of two Marriott employees for a guest services application the hotel chain uses. Once inside the app, the hackers were able to access guest data, including names, birthdays and phone numbers.
• SolarWinds: The most notable attack of 2020, and one of the biggest data breaches of the last decade occurred when someone wrote malicious code into SolarWind’s Orion platform. When customers updated their software, the code gave hackers access to SolarWinds’ clients’ systems. Unlike many attacks that are system-wide, this was an extremely targeted attack, according to a company representative.
• Clark County School District: The Clark County School District in Nevada was hit with a ransomware attack last summer that accessed, and eventually exposed, student data. Ransomware attacks on school districts have become increasingly common, especially with the number of schools teaching remotely during the last year.
• Wood Ranch Medical: A medical practice in California was also hit with a ransomware attack that ultimately forced the center to close. The hackers encrypted medical records—and backup records—and held them hostage. The computer systems were ultimately damaged and file recovery was deemed impossible, forcing the small business to close its doors. 
• Rokenbok: Rokenbok, a small toy company, was able to bounce back after losing their data to a hacker who used ransomware to encrypt the company’s files. But not before losing thousands of dollars in missed sales while the company was trying to solve the issue.
• Kaseya: Hackers leverage a tool commonly used by MSPs to infect and ransom more than 1,500 customers in more than 10 countries. The hacking group responsible asked for $70M in ransom, making it the biggest ransomware attack to date.

It’s clear whether you’re a Fortune 100 company or a SMB, hackers will use the same sophisticated techniques and tools to break into your systems. And once they’re in, the results can be catastrophic—especially if the breach goes unnoticed. 

Why SMBs are sitting ducks

With such an advanced threat landscape, taking a reactive approach to cybersecurity is no longer an option. Nor is simply investing in cyber insurance, which won’t protect your business from ransomware attacks. Businesses need to be proactive to survive, which is fine for Fortune 100 companies that have millions to spend on cybersecurity. (Bank of America, for instance, spends a whopping $1B each year on cybersecurity.) But smaller businesses can’t afford that level of protection—even though hackers don’t discriminate.

While Fortune 100 companies have teams of cybersecurity personnel, small and mid-sized businesses don’t have the time or expertise to sift through the 3,500 cybersecurity vendors to determine which are the right fit. To truly protect their valued data, small and mid-sized businesses are best served by working with a trusted MSSP. 

SolCyber is leaping in to change the game

SolCyber is a modern MSSP that does things a little differently. We believe cybersecurity should make you resilient but shouldn’t be difficult, convoluted or costly. We distill Fortune 100 security into a service that provides 90% of the outcomes. It’s also a service that any business can afford, understand and rely upon.

Learn more about the SolCyber difference.