Is Any Business Too Small to Hack?

Other than the neighborhood lemonade stand, no business is too small to hack.  

Let’s look at Stellar Innovations and Terra Nova, two companies on similar paths. They both earn about 2M in annual sales and employ 15-20 people. Both are also focused on growth and success, however their approaches to cybersecurity will set them apart.

Why Are Small Businesses Targeted?

SMBs are attractive targets for cybercriminals due to a combination of factors. Their valuable data, often containing sensitive customer information and financial records, makes these targets a lucrative prize. Additionally, SMBs frequently lack the robust cybersecurity resources and expertise of larger corporations, causing them to be more vulnerable to attacks. Finally, their smaller scale and less complex IT infrastructure can be easier to exploit, allowing attackers to breach their systems with fewer obstacles. Bottomline, although the payoff is smaller, the time invested to reach success is comparably smaller too.  

The Story of Stellar Innovations  

Stellar Innovations, like many small businesses, believed their size made them a less attractive target for hackers. They were lulled into a false sense of security, thinking, "Who would bother with a little fish like us?"  

The statistics show that Stellar Innovations is not alone in this misconception:  

• 59% of small business owners without cybersecurity measures believe their small size will protect them.
• 47% of those with fewer than 50 employees allocate no funds to cybersecurity.  

One fateful day, Stellar Innovations fell victim to a ransomware attack. Their systems were crippled, their data was held hostage, and their operations were brought to a screeching halt. The financial and reputational damage was substantial, and the experience was a harsh lesson in the importance of cybersecurity.

This story does not stop here. Once hackers realize that they can take advantage of a vulnerability, they will return to do it again.  As many as 67% of small business victims were breached multiple times. It has become a new strategy to ask for lower dollar amounts such as $10-15,000, in the hopes that the company will just pay and move on. The hackers then come back and do it again, and again. Until the vulnerability is corrected.  

Stellar Innovations was hacked 4 times over 2 years. The reputational damage and the cost of paying the hackers put a significant strain on their overall business. 60% of small businesses go out of business within 6 months of being attacked.

The Story of Terra Nova

Meanwhile, Terra Nova took a different approach. They understood that even as a small business, they were vulnerable to cyber threats. From the outset, they invested in robust security measures, educated their employees, and adopted a proactive approach to risk management.

A data breach can cost a small business on average $100,000, this far outweighs the cost of preventative measures. Generally, SMBs allocate 5-20% of their IT budget to security. For instance, a company spending $5,000 monthly on IT should invest between $250 and $1,000 in cybersecurity. The exact percentage depends on factors like data sensitivity. A reliable Managed Service Provider (MSP) can conduct a risk assessment to tailor your security measures.

When Terra Nova faced a similar cyberattack, they were better prepared. Their security systems detected the threat early, their employees were trained to respond appropriately, and their data was protected through regular backups. While the incident caused some disruption, the damage was minimal compared to Stellar Innovation’s experience.

Further, they determined what caused the vulnerability and took corrective actions that included incident response and risk mitigation to prevent this from happening again. If those hackers tried again, they were met with a locked door.

What did Terra Nova do Right?

Terra Nova realized that a cyberattack would be significantly more costly than spending the money upfront to have good systems in place.  They worked with an MSP to conduct a risk assessment and create a comprehensive cybersecurity plan. This plan included:

• Educating employees on cybersecurity best practices.
• Using strong passwords and multi-factor authentication.
• Keeping software and hardware up to date.
• Backing up data regularly and have offsite storage.
• Creating a plan in place for responding to a cyber breach.  

They conduct regular risk assessments to ensure that there are no new areas of concern. Additionally, they review their cybersecurity plan to ensure that nothing has drifted and that they remain vigilant. This process does not have to be expensive and can pay significant dividends in protecting your business from a breach.

The stories of Stellar Innovations and Terra Nova serve as a stark reminder that cybersecurity is not just a concern for large corporations. Even small businesses can be targeted by hackers, and the consequences can be devastating. By investing in robust security measures, educating employees, and adopting a proactive approach, companies can protect themselves from cyber threats and ensure their continued success.

Net Friends has an over 25-year history of helping companies plan for their tech future and secure their data. If you are ready to talk to a professional and protect your business, book a meeting.