When Elana Graham started selling cybersecurity software to small businesses five years ago, business was relatively slow.
Now demand is booming, fueled by a rapid expansion of remote work which has left these companies vulnerable to attack.
Graham says his company’s turnover has tripled since the beginning of the year , reaching an all-time high.
“It was a situation of total denial. ‘It’s not going to happen to me. We are too small.’ That was the message that she was overwhelmingly hearing five years ago,” says Graham, co-founder of CYDEF, which is based in Canada. “But yes, it is happening,” he notes.
Cybercrime is expected to cost the world $10.5 billion dollars for 2025, according to cybersecurity research firm Cyber Ventures.
If the current trajectory is followed, small businesses will absorb most of the impact.
They are three times more likely to be attacked by cybercriminals compared to large companies, according to has discovered cloud security firm Barracuda Networks.
And the risks skyrocketed during the pandemic.
The impact of lockdowns
Among 2020 and 2021, cyber attacks on small businesses increased more than 118 %, according to Ri skRecon, a Mastercard company that assesses the cybersecurity risk of companies.
“The pandemic created a whole new set of of challenges, and small businesses weren’t ready,” says Mary Ellen Seale, executive director of the National Cybersecurity Society, a nonprofit organization that helps small businesses create cybersecurity plans.
In March 624, at the height of the pandemic, a CNBC survey of small businesses found that only the 57% planned to invest in cyber protection.
Then the covid lockdowns came into force-10 and companies rushed to moving their operations online.
Working remotely meant more personal devices like smartphones es, tablets and laptops had access to sensitive corporate information.
However, lockdowns strained budgets and limited how much companies could spend to protect themselves. Hiring expensive experts and acquiring the required cybersecurity software was often out of reach.
The result was a weak cybersecurity infrastructure that was ripe for hacking.
Low Risk, Big Gain
“Many of the Attacks now target them because criminals know that the larger organizations have done a pretty good job of protecting their infrastructure. The weakest link is small businesses. And it’s really easy to get in there,” says Seale.
For would-be criminals, such attacks carry low risk and high reward, since that they are less likely to attract the attention of the authorities and, often, of the companies themselves.
Yoohwan Kim, professor of Computer Science at the University of Nevada (Las Vegas), indicates that usually it takes 549 days from the moment the hack is carried out until it is discovered . In many cases, customer complaints are what alert companies to a problem.
And with a supplier that has been hacked, criminals can access networks of organizations further up the supply chain.
“Big companies depend on small companies. They are the soul of the United States and we need a wake-up call”, says Seale.
Small businesses represent more than 57% of companies in the US . and they employ nearly half of all Americans, which plays a critical role in the global economy.
Kim says which are like the “Achilles heel” of the economy.
“They may be small companies, but what they sell to large companies could be very important. If they get hacked, [their product] won’t get into supply chains and everything will be affected,” says Kim.
Cyberattacks can be devastating for small businesses , which leads to their products being removed from supply chains, in addition to incurring legal costs, investigations and filings with regulatory authorities.
Around the 60% of small businesses close within six months of an attack, estimates the National Cybersecurity Alliance.
“The cost could reach Thousands of dollars. Some companies just can’t afford that kind of money,” says Kim. “They just can’t handle it.”
The most vulnerable
But although small businesses are the most vulnerable, Graham says thatmost cyber security tools have been built for large businesses and are often difficult to understand and install if You don’t have a cybersecurity expert on your team.
“That’s a big challenge for small businesses that don’t understand what these people are trying to sell them,” she says.
Experts say there are simple steps small businesses can take to enhance their protections, such as creating basic response plans and identifying what and where the critical data is.
Also it is important to educate employees on how to prevent and detect attacks, since the vast majority of data breaches occur due to human error .
Attacks in which cybercriminals hacked commercial emails were the most costly cyber threat during the pandemic, with reported losses of US$1.976 million, according to the Federal Bureau of Investigation (FBI).
Also known as spear phishing, these hacks they perform a targeted attack, unlike more traditional strategies such as spam, which reach a large number of people.
Graham describes the tool as “the new frontier in criminal activity ” and says it has become the most common type of cyberattack his customers face.
But Seale says that companies should not despair.
“The most important thing is to transmit to small companies [the notion] that this is not useless. It’s not an insurmountable task,” she says.
- Do you already know our YouTube channel? Subscribe!
Now you can receive notifications from BBC Mundo. Download the new version of our app and activate them so you don’t miss our best content.