TLDR: The arguments from a decade ago for why hackers aren’t concerned with small businesses no longer carry that much weight and cyber-threats are now a very real problems SMBs must deal with.
Why would hackers target my small company? It’s attitudes like that which are actually leading to an increased rate of cyber-attacks on small businesses. Indeed, hackers still target giant corporations the most but small businesses (those with 250 or fewer employees according to a Symantec study) have secured the number two spot given their generally relaxed and low cost IT security measures. Of course high-powered cyber security for your business comes at a high cost so it’s no wonder why many smaller business owners opt to spend their funds elsewhere. Some of the main arguments small business owners typically use to explain why cyber security is a lesser concern of theirs revolve around how cyber-attacks would be little more than a minor inconvenience for their firms. Specifically, they might argue that hackers have little to gain from targeting their companies and even if they did infiltrate their systems any damage could be quickly cleaned up with minor fixes like office-wide password changes. Five to ten years ago those arguments might have held up but as Bob Dylan would say, the times they are a-changin’. In the past hackers typically worked alone and had to target high profile businesses which if successfully attacked would help them gain notoriety. However, these days hackers tend to work in collectives with a reduced desire for fame and a deeper interest in profits which go towards furthering their goals. Indeed, there are already extensive global markets for trading confidential data like login details, ATM pin codes, medical records, Social Security numbers, etc. What’s worse is that these groups don’t care where they get their information from which is why small businesses with new yet less secure networks are prime targets. And the attacks are getting increasingly sophisticated so that, for example, a hacking syndicate could enter a small business’s servers, copy all of its clients’ personal identification and financial records, and then exit possibly without even being detected.
