25 Nov United States Economy “Achilles heel” losing billions of dollars
Cyberattacks against small businesses increased between 2020 and 2021, affecting seriously the United States economy.
When Elana Graham started selling cybersecurity software to small businesses five years ago, business was relatively slow.
Now demand is booming, driven by a rapid expansion of remote work that has left these companies vulnerable to attacks.
Graham says his company’s turnover has tripled since the beginning of the year, reaching an all-time high.
“It was a situation of total denial. ‘ It’s not going to happen to me. We are too small.’ That was the message I overwhelmingly heard five years ago,” says Graham, co-founder of Canada-based CYDEF. “But yes, it’s happening,” he says.
Cybercrime is expected to cost the world $10.5 trillion by 2025, according to cybersecurity research firm Cyber Ventures.
If the current trajectory is followed, small businesses will absorb most of the impact.
They are three times more likely to be attacked by cybercriminals compared to large enterprises, cloud security firm Barracuda Networks has found.
And the risks skyrocketed during the pandemic, affecting gravely the United States Economy.
The outcome of lockdowns
Between 2020 and 2021, cyberattacks on small businesses increased more than 150%, according to RiskRecon, a Mastercard company that assesses companies’ cybersecurity risk.
“The pandemic created a whole new set of challenges, and small businesses weren’t prepared,” says Mary Ellen Seale, executive director of the National Cybersecurity Society, a nonprofit that helps small businesses create cybersecurity plans.
In March 2020, at the height of the pandemic, a survey of small businesses conducted by CNBC found that only 20% planned to invest in cyber protection.
Then the COVID-19 lockdowns went into effect and businesses rushed to move their operations online.
Working remotely meant more personal devices like smartphones, tablets, and laptops had access to sensitive corporate information.
However, lockdowns strained budgets and limited how much businesses could spend to protect themselves. Hiring expensive experts and acquiring the required cybersecurity software was often out of reach.
The result was a weak cybersecurity infrastructure that was ready to be hacked.
Check out this article!: Apple vs Microsoft
Few risks, big gains
“A lot of the attacks now target them because criminals know that larger organizations have done a pretty good job of protecting their infrastructure. The weakest link is small businesses. And it’s really easy to get in there. This is serious because small businesses are the backbone of the United States Economy” Seale says.
For would-be criminals, such attacks involve low risk and high reward, as they are less likely to attract the attention of authorities and often the companies themselves.
Yoohwan Kim, a professor of computer science at the University of Nevada (Las Vegas), says it usually takes 200 days from the time the hack is done until it’s discovered. In many cases, customer complaints are what alert businesses to a problem.
And with a vendor that has been hacked, criminals can access networks of organizations higher up the supply chain.
“Big companies depend on small businesses. They are the lifeblood of America and we need a wake-up call,” Seale says.
Small businesses make up more than 99% of businesses in the U.S. and employ nearly half of all Americans, which plays a critical role in the global economy.
Kim says they are like the “Achilles heel” of the economy.
“These may be small companies, but what they sell to large companies could be very important. If they are hacked, [their product] will not enter supply chains and everything will be affected in the United States Economy,” Kim says.
Cyberattacks can be devastating for small businesses, leading to their products being removed from supply chains, as well as incurring legal costs, investigations and reporting to regulatory authorities.
About 60% of small businesses shut down within six months of an attack, the National Cybersecurity Alliance estimates.
“The cost could run into thousands of dollars. Some companies just can’t afford that kind of money,” Kim says. “They just can’t handle it, or at least in the current United States economy.”
The most vulnerable
But while small businesses are the most vulnerable, Graham says most cybersecurity tools have been built for large enterprises and are often difficult to understand and install if you don’t have a cybersecurity expert on the team.
“That’s a big challenge for small businesses that don’t understand what these people are trying to sell them,” she says.
Experts say there are simple steps small businesses can take to improve their protections, such as creating basic response plans and identifying what and where critical data is.
It’s also important to educate employees on how to avoid and detect attacks, as the vast majority of data breaches occur due to human error.
Attacks in which cybercriminals hacked into business emails were the costliest cyber threat during the pandemic, with losses reported at $1.8 billion, according to the Federal Bureau of Investigation (FBI).
Also known as spear phishing, these hacks perform a targeted attack in a specific way, unlike more traditional strategies such as spam, which reaches a large number of people.
Graham describes the tool as “the new frontier in criminal activity” and says it has become the most common type of cyberattack his customers face.
But Seale says companies shouldn’t despair.
“The most important thing is to convey to small businesses [the notion] that this is not useless. It’s not an insurmountable task,” she says.