In the United States, small business is big business. Keeping the websites for those small businesses — all 28.4 million of them — safe and secure from attack, is a huge job. A job made easier with the help of a trusted partner.
Let’s look at the most recent figures from the U.S. Small Business Administration:
- 28,443,856 small businesses
- 5,707,941 small businesses with employees
- 22,735,915 small businesses without employees
- 56,062,893 workers employed by small businesses
Those 28.4 million small businesses look at the Internet and their websites and see a level playing field that allows them to compete for long-tail revenue with much bigger players on a global stage.
Cybercriminals see a huge opportunity.
The sheer scale of small business is why, when it comes to cybersecurity risk, size is irrelevant. Cyberattackers believe in equal opportunity for targets.
And while the Internet has allowed SMBs to compete more equally with their larger counterparts, when it comes to securing their data, small- and mid-sized businesses remain several steps behind their larger counterparts, according to a recent study.
According to the 2016 Internet Security Threat Report from Symantec, more than 1 million web attacks took place each day in 2015. “Cybercriminals continue to take advantage of vulnerabilities in legitimate websites to infect users, because website administrators fail to secure their websites,” the report states. In fact, the study found that nearly 75 percent of all legitimate websites have unpatched vulnerabilities.
Let’s look at those vulnerabilities. First and foremost are people — all 56 million of them working at a small business in the US.
In the 2015, PWC study “Managing Cyber Risks In An Interconnected World,” employees were the most cited culprits involved in security incidents. And a 2016 report from Accenture and HfS Research found 48 percent of respondents say they are concerned about insider data theft. In fact, 69 percent said they had “already experienced either an attempted or successful theft of data by an insider during the preceding year.”
Another soft spot: Passwords. SplashData, which collates passwords from data breaches in the US and Western Europe, says "123456" was, for the fifth year running, the most common password. Failure to create secure passwords leaves businesses and their websites exposed to attack.
Other threats are less focused on social behaviour and are more technical in nature. Take DDoS, which stands for Distributed Denial of Service. In a DDoS assault, criminals attack a system through a network of computers and deliberately bombard a website with more requests than it can handle.
While the business focuses on the challenges of the DDoS bombardment, hackers can target other areas of the system. The attack can lead to a loss of website availability and, more crucially, sales and revenue. Even scarier: some criminals also use this failure as an opportunity to extort a ransom to restore website availability.
New Technologies, New Vulnerabilities
The fast pace of digital disruption creates more security issues. The cloud, for example, is another way the playing field has been levelled for SMBs. Thanks to the cloud, smaller organizations can access on-demand compute and storage resources that were previously only available to enterprise-scale firms.
But it’s critical when moving workloads to the cloud that an SMB work with partners who prioritize governance and security policies.
Mobility and Bring Your Own Device (BYOD) trends, and the apps that feed data to those devices, present another potential exploitation point for criminals. It’s estimated that new mobile security flaws in 2015 affected over 1 billion people.
Investment in information security, therefore, has never been more crucial. As the prospective points of attack rise, so the techniques of cybercriminals continue to evolve. SMBs must take a proactive stance.
Evidence suggests, however, that there is a common lack of IT and security resources at small firms. Some of that is driven by the “I’m too small to be a target” way of thinking. Some it stems from simple economics: security ROI is sometimes hard to justify. The result: as many as 40 percent of SMBs are committing just 10 percent or less of their IT budget to security for 2016.
The great news is that security does not have to be expensive. By implementing a sensible mix of standards, policies, and tools, you can create a strategy to protect your company and your customers from cyberattacks.
Your strategy, however, can’t be implemented in isolation. Smart business owners work with trusted partners to keep errant individuals at bay. For many small organizations, your web hosting service will be your first – and best – line of defense against security threats.
This story, "You Have A Website? You Have Cybersecurity Risk " was originally published by BrandPost.