- Natalie Jimenez
- From New York (USA) to BBC News
When Elana Graham started selling cybersecurity software to small businesses five years ago, the business was relatively small.
Now, demand is increasing due to the rapid expansion of remote work, which has put small businesses under attack. He says the company’s business has tripled since the start of the year, reaching the highest levels since its inception.
“It’s a completely ignored question. ‘This can’t happen to me, I’m too young.’ “That was the most important news I heard five years ago,” says Graham, one of the founders of Canadian company CYDEF. “But, yes, it’s happening.”
According to Swiss cybersecurity research firm Cyber Ventures, the global cost of cybercrime is estimated to reach $10.5 trillion by 2025.
And small businesses will suffer a lot on the current path. According to cloud security company Barracuda Networks, they are three times more likely to be attacked by cybercriminals than large enterprises. And the risks are heightened during epidemics.
Between 2020 and 2021, cyberattacks against small businesses increased by more than 150%, according to RiskRecon, a Mastercard company that assesses the cybersecurity risk of businesses.
“The pandemic created a whole new set of challenges and small businesses weren’t prepared,” says Mary Ellen Seale, chief executive of the nonprofit National Cyber Security Association, which helps small businesses develop cybersecurity plans.
In March 2020, at the height of the pandemic, a survey of small businesses conducted by pay-TV channel CNBC found that only 20% of them planned to invest in cyber security. Then came the Covid-19 lockdowns and companies rushed to improve their online operations.
With remote work, personal devices such as smartphones, tablets and laptops can access important company information. But the lockdowns have tightened budgets, limiting how much companies can spend on protecting themselves.
Specialized personnel and expensive cybersecurity software are often out of reach for organizations. This resulted in a weakening of its cyber security infrastructure – a scenario for hackers.
“A lot of attacks are now coming through big companies because criminals know they’ve done a good job of protecting their infrastructure,” says Seale. “The weak link is small business. It’s very easy to get there.”
For would-be criminals, these attacks have low risk and high rewards because they are less likely to come to the attention of law enforcement and often companies themselves.
According to Yuhwan Kim, a computer science professor at the University of Nevada, Las Vegas in the US, on average, cyber attacks are discovered only after 200 days. And many times, it’s customer complaints that alert companies to a problem.
Also, with a compromised supplier, criminals can gain access to the networks of other companies in the supply chain.
“Big companies depend on small ones,” says Seale. “They are the lifeblood of America, and we must wake them up.”
Small businesses make up more than 99% of American firms and account for half of all jobs in the country. Its role in the world economy is important.
And, for Kim, they are the economy’s “Achilles heel.”
“They may be small companies, but what they sell to the big companies is very important,” he explains. “If they’re hacked, [o seu produto] If it doesn’t enter the supply chain, everything will suffer.”
Cyber attacks can be devastating for small businesses. In addition to having their products removed from the supply chain, they incur legal costs, investigations and filings with regulatory bodies.
According to estimates from the National Cyber Security Alliance, about 60% of small businesses close their doors within six months of facing an attack.
“The cost can run into the thousands of dollars,” Kim says. “Some companies can’t pay that money. They can’t take it.”
But while small businesses are the most vulnerable, Graham says most cyber security tools are designed for large corporations. They are often difficult to understand and install without a specialist employee.
“It’s a big challenge for small businesses that don’t understand what these people are trying to sell them,” says Graham.
According to experts, there are simple steps small businesses can take to increase their security, such as creating basic action plans and identifying what and where sensitive data resides.
It’s also important to educate employees on how to prevent and detect attacks, as most data breaches involve human error. Attacks by cybercriminals to hack business emails were among the threats that caused the most damage during the pandemic. According to the FBI, they account for $1.8 billion (R$9.6 billion) in known losses.
Known as spear phishing, these scams use specific targeting, unlike traditional tactics like spam, which reach large numbers of people. Graham describes the tool as a “new frontier of criminal activity” and says it has become the most common cyberattack his clients face.
But for Seal, companies shouldn’t despair. “The most important thing is to let small businesses know that this is not hopeless. This is not an insurmountable obstacle.”
“Communicator. Award-winning creator. Certified twitter geek. Music ninja. General web evangelist.”