SMBs have more valuable data than consumers and fewer defenses than large enterprises. Have they become the sweet spot for the bad guys?

Dark Reading Staff, Dark Reading

June 14, 2011

[Excerpted from "Small Businesses, Big Losses: How SMBs Can Fight Cybercrime," a new, free report published this week on Dark Reading's SMB Security Tech Center.]

Small companies are suffering big losses. A recent survey by Javelin Strategy & Research pegged the cost of SMB computer fraud in the U.S. at $8 billion in 2010.

The victim companies were on the hook for $2.61 billion of that loss, with the balance absorbed by financial institutions, credit card issuers, merchant partners, or insurance firms.

The cost to a particular company can be very high. While the average cost absorbed by the SMB was $1,574 per incident, according to the Javelin report, the median cost was only $21. That means while many of the incidents were trivial, others cost small businesses thousands of dollars they could ill afford.

Findings of a global Symantec survey of companies with fewer than 500 employees were even more alarming: Three-quarters of the responding companies suffered cyberattacks in 2009, at an average direct annual cost of $188,242. SMBs are twice as likely as individual consumers to suffer non-credit card fraud.

And the stakes are much higher. Most consumers have zero liability if their online accounts are robbed -- the banks will make good. But businesses have no such guarantee. Moreover, banks and credit card companies are far more likely to spot suspicious activity around consumer accounts, where very large transfers are unlikely. But in a small or midsize business, a transfer or withdrawal of $50,000 or $100,000 would appear more or less normal.

SMBs are attractive to cybercriminals, says Serge Jorgensen, VP and CTO at security consultancy Sylint Group. Nearly two-thirds of midmarket companies cite cybercrime as the greatest threat to their companies, according to the InformationWeek Analytics 2011 Strategic Security Survey: Midmarket.

Enterprises yield a big payoff in sensitive information, but are getting increasingly tough to crack, while the payoff for infecting a consumer PC is not very high. "SMBs are low-hanging fruit, much like consumers," Jorgensen says. "But the bang for buck for attacking and penetrating them is a lot higher."

Why aren't SMBs better protected? The answer is, in large part, that contemporary malware attacks are slick and hard to detect, whether by careful business owners and their employees or even by up-to-date antivirus protection. Most SMBs (85 percent) consider malware the type of breach they're most likely to suffer, according to InformationWeek Analytics research.

To find out more about the specific attacks that are experienced most frequently by SMBs -- and for a list of detailed recommendations on how SMBs can defend themselves against these increasingly sophisticated attacks -- download the full report.
