We live in an era where people are busy, time is limited, and instant gratification is almost an expectation. If you were given a list of 1,000 potential clients and knew that the first 100 on the list met your ideal client profile and had the budget for and a need for your services, who would you go after first? Would you go after the 100 “easy” targets, or trudge through the unknown 900?
We would ALL go after the potential new clients with the highest rate of conversion. Cybercriminals are no different than leaders of legitimate businesses in this regard, and if you own a business of fewer than 1,000 employees YOU ARE TRENDING in the world of cyber-crime.
Drilling down further into these statistics, companies with 11 to 100 employees accounted for 37% of all ransomware attacks in the fourth quarter of 2021.
The harsh reality is that small businesses are easy targets. Over half of the small businesses in the US have ZERO in-house IT support. Cybercriminals are smart enough to go after companies with little to no protection. Think of it this way: criminals who wanted to steal physical goods from a warehouse would target those with no fencing, no gates, no cameras, and no alarm systems. Many of today’s small businesses are the modern-day version of the “unprotected warehouse.” But small businesses present even more appealing qualities!
- Small businesses are unlikely to have the financial resources needed to hire teams of cybersecurity experts who can track down the origin of cyber attacks, thus increasing the likelihood that the cybercriminals remain unknown.
- Small businesses are unlikely to have sufficient backups of their data and will have no choice but to pay to have data restored… there is literally no other option beyond shutting down the business altogether.
- Small businesses are the least likely to train employees on cybersecurity best practices. Large and enterprise-sized companies leverage annual cybersecurity training. These same companies will deploy “fake” phishing campaigns to employees to see who will fall victim to the scam. The employees who fail the test are often required to engage in additional training.
- Small businesses are more likely to retain outdated software and hardware that is no longer receiving patches and updates from the provider. This scenario makes infiltrating the business’ network even easier.
- Small businesses are less likely to pay for cybersecurity protection. When they do, they typically pay for minimal protections such as antivirus but do not pay for more advanced security features such as endpoint detection.
The solution is easy… employ an IT department with cybersecurity expertise or leverage a third-party provider.
The execution is more challenging.
To learn how to select a managed services provider/IT support company, come back next week for “Interviewing MSPs Part One: Questions You Should Ask.”
Sources:
2024 Data Breach Investigations Report
Law enforcement pressure forces ransomware groups to refine tactics in Q4 2021