43 Percent of Cyber Attacks Target Small Business


Cyber Attacks Target Small Business

Cyber crime is on the rise and small businesses are increasingly becoming the target of hackers.

New data from Symantec’s 2016 Internet Security Threat Report shows that small businesses have become a big target for phishers. Last year, phishing campaigns targeted small businesses (PDF) 43 percent of the time. That’s up 9 percent over 2014 and a stark contrast to the mere 18 percent of attacks that focused on small businesses in 2011.

Cyber Attacks Target Small Business

Symantec’s report shows that about 1 in 40 small businesses are at risk of being the victim of a cyber crime. That pales in comparison to the 1 in about 2 large businesses which are targeted every year — multiple times — with a cyber attack.

Still, the report indicates that hackers are indiscriminately choosing their victims. It’s not a matter of who they’re targeting but what they’re targeting … your money.

These phishing attacks target employees largely responsible for the finances of a small business. Malicious email messages sent to these employees that are opened could hijack an entire company’s financial information and gain access to funds and personal information.

Furthermore, Symantec also notes in its Internet Security Threat Report that ransomware attacks are also on the rise and targeting not only employees but any devices connected to a company’s hacked network. Symantec says it has instances on the record in 2015 of attacks on the Internet of Things, too. That includes attacks on smartphones, smart watches, and a smart television. In these attacks, there is a demand for some type of payment before a device may be freed by its attacker.

Digging a little deeper into the data from Symantec’s report reveals a 55 percent increase from 2014 to 2015 in the amount of spear-phishing campaigns that target employees of a business of any size. Symantec classifies small businesses as any with up to 250 employees.

Small Businesses Need To Prepare for Cyber Attacks

So, what should small business owners do with this information? Be prepared is the simple advice.

It’s clear that hackers will continue to target small businesses with phishing attacks. And since these attacks are targeting employees mostly, implementing a proper training and informational program on phishing schemes within your company is prudent. This type of training will hopefully help reduce the likelihood that an employee of yours will open a suspicious email by helping to better identify one.

Since cyber attacks target small business, it’s more likely your small business will become the target or victim of a phishing attack.  Develop a plan for dealing with such a situation. Consult with your IT team or an IT expert on a comprehensive plan for mitigating the impact of a phishing or other cyber attack against your company.

Finally, with the rise in attacks on devices connected to your company’s network, it’s best to limit the amount of those devices — employee smartphones and other IoT devices — you allow on it.

Chart: Small Business Trends


More in: , 21 Comments ▼

Joshua Sophy Joshua Sophy is the Editor for Small Business Trends and the Head of Content Partnerships. A journalist with 20 years of experience in traditional and online media, he is a member of the Society of Professional Journalists. He founded his own local newspaper, the Pottsville Free Press, covering his hometown.

21 Reactions
  1. I think it has something to do with the fact that small businesses lack the security to fight cyber attacks. I am not talking for all but they have relatively low security compared to bigger ones.

    • I think the options are available, Aira. I believe it boils down to what’s needed and that’s something each small business owner needs to make on their own. And if they don’t know what they need, they need to seek out an expert who will give them unbiased advice. This is one area, I fear, where a small business owner is vulnerable to buying something they don’t need. Thanks for your great insight!

  2. It’s disheartening to see so many SMBs having to deal with this. It’s expensive and time-consuming, but in the world we live in you have to be savvy and protect yourself.

    • Excellent advice, Robert! To add to that, I think it’s imperative a small business owner get some unbiased expert advice on what they REALLY need to purchase to protect THEIR business. This is one area where small businesses are likely to overspend on something they’re told they need by someone selling protection.

  3. Protection for your business is actually far less expensive then you would think, but you have to be willing to make some investment. I tell my clients all the time, if you’re paying more for your car, then you are your IT then you’re doing it wrong.

    • Agreed, mat! Every small business owner should do their own investigations into what they need for cyber protection. Identify weaknesses and address them with a tailored attack. Unfortunately, I see the average naive-on-cybersecurity small business owner paying way too much for something they don’t need or isn’t right for their business.

  4. Finally, an improvement in reporting accuracy. 50% of firms in the USA have 20 or less employees in them. But, the same number of computers per staff and successful attacks per vulnerable computer exist in small firms as large ones, we would expect that number to be near 50%. The only real question is what is the definition of a small firm?

    • I think they could elect a commission to determine the exact definition in number of employees of small businesses and they’d come up with 15 different answers: 10, 20, 50, 200 … 500 employees! I’ve seen them all.

      I like your point about the attack rate on actual computers, Don.

      This all underscores just how vulnerable and ripe for attack A LOT of small businesses are right now. And if small businesses — truly the smallest of the small businesses — are the backbone of the economy, what does that imply?

      It seems this issue should be at the top of every small business owner’s to-do list.

  5. Joseph A. O'Donnell

    I can say with certainty that all my business clients who have Sonicwall Routers with Gateway Protection services never get any malware and are protected from the Crypto virus as well. I have all of them on professional cloud backup and daily rotational backups so if God forbid something destroys a computer or even worse a server, the worst they are out is a day’s worth of data.

  6. What about those of us that are attacked personally? Not just cyber, but a text that turns from threatening to attack cyberway then turns personal. Like knowing when you are on the phone, following you home, knowing they scared you enough to call the cops.

  7. This situation is going to get worse. Half of all computers that business staff are using belong to small firms with 20 or less staff per firm. There just turns out to be lots of small firms compared to big firms but the computers per staff is about the same.

    The numbers vary by firms but an average might be near 3.5 computers per staff at work, but 1.2 computers per household at home. If the odds of harm are equal for every computer, then your odds of harm at home would be 34% the size than it is at work.