Many small business owners don’t feel that they are worth targeting by cybercriminals.
After all, in comparison to large businesses, an SMB has very few data records.
However, while 43% of small businesses have no cybersecurity in place, 20% of SMBs don’t have any endpoint security.
When you realize this it isn’t surprising that small businesses are being targeted by cyberattacks.
If you’re still not convinced, read on to discover examples of cyber attacks on small businesses and the risks associated with a successful attack.
- 1 Examples of Cyber Attacks on Small Businesses in 2024
- 2 SMB Cyberattack Statistics
- 3 The Reasons Cybercriminals Are Targeting Small Businesses
- 4 Steps To Take To Protect Yourself Today
- 5 Summing Up
- 6 Sources
Examples of Cyber Attacks on Small Businesses in 2024
The news may focus on large data breaches and subsequent losses, but there are plenty of crippling smaller-scale losses involving SMBs.
1. Efficient Escrow
One incident that should open your eyes to the dangers of a cyberattack is the story of Efficient Escrow in California.
This small business, run by two brothers, had nine employees.
They were targeted by hackers using malware. It’s best described as a Trojan horse, the malware was hidden within another file which was downloaded.
This gave the hackers access to Efficient Escrow’s bank account.
They promptly wired nearly half-a-million dollars to an account in Moscow.
Shortly after, they conducted two more transfers, totaling $1.1 million.
These were sent to China, close to the Russian border.
Efficient Escrow managed to retrieve the transfer which went to Moscow. It didn’t get the Chinese ones back.
It was then the owners discovered the banks had no obligation to recoup losses when dealing with commercial accounts.
In short, the business lost $1.1 million, twice the expected profit for the year.
Three days after they reported the loss, the business was closed down by state regulators. The owners, staff, and customers were all out of pocket.
2. Green Ford Sales
Green Ford Sales is a car dealership, based in Kansas.
As they sell cars locally and did little business on the web, cybersecurity was not a major concern.
That meant it was easy for hackers to get into their system.
Once in, they added nine employees to the Green Ford payroll and paid all nine $7,000 each. The whole process took less than 24 hours.
Once they discovered the issue, Green Ford Sales managed to cancel several of the transfers.
But they still lost $50,000 to the hackers and were unable to get the funds back.
3. Wright Hotels
Wright Hotels specializes in developing real estate. As such, they had a significant amount of funds in their accounts.
Again, as they didn’t generally engage financially with customers online they didn’t appreciate the need for cybersecurity.
This allowed hackers to get into their email account.
Over a short period of time, they monitored their emails and gathered enough information to ring the bookkeeper pretending to be the owner.
They convinced the bookkeeper to complete several wire transfers, totaling $1 million.
The funds went to China and were never recovered.
The only difference between Wright Hotels and Efficient Escrow, aside from the style of attack, was that Wright Hotels had enough reserves to stay in business.
SMB Cyberattack Statistics
Statistics regarding small businesses and cyberattacks make alarming reading:
- 43% of cyberattacks are against small and medium-sized businesses.
- There are 2,200 cyber attacks every day
- Cyberattacks in 2021 were 50% higher than in 2020
- One in 323 emails sent to small businesses are malicious
- In 2021 small businesses lost $6.9 billion
1. 43% Of Cyberattacks Are Against Small And Medium-sized Businesses.
The 2022 Verizon report looked at data breaches and which ones were successful.
It found that 43% of cyberattacks, that’s nearly half of them, were directed at SMBs.
Furthermore, the report showed that malware was the biggest risk, happening in 18% of data breaches on SMBs.
This was closely followed by phishing at 17%.
The report also noted that most SMBs are vulnerable to brute force attacks as they have weak passwords.
Social attacks and ransomware are also common approaches.
Unfortunately, nearly two-thirds of small businesses that succumbed to a cyberattack were closed within six months of the attack.
2. There Are 2,200 Cyber Attacks Every Day
It’s difficult to put an exact figure on cyberattacks.
If they are unsuccessful some companies may not report them, or they may not even know they were attempted.
Current records indicate 2,200 cyberattacks are made every day.
That means nearly 1,000 cyberattacks happen every day on SMBs. Of course, not all attacks are successful but plenty are.
3. Cyberattacks In 2021 Were 50% Higher Than In 2020
The global pandemic has seen a surge in people working remotely.
Businesses have needed to adapt quickly and this has meant cybersecurity has suffered.
Cybercriminals have been quick to exploit this reduced cybersecurity.
The number of cyberattacks in 2021 was 50% higher than in 2020.
While the pandemic has officially passed, many people continue to work remotely.
As companies are still struggling to update cybersecurity measures, hackers will continue to seize the opportunities presented.
That means there are likely to be even more cyberattacks in the future.
4. One In 323 Emails Sent To Small Businesses Are Malicious
The average worker receives 121 emails a day. That means, every employee will receive a malicious email once every three days.
It only takes one employee to click on one email link to make an attack successful.
With so many emails arriving and the pressure of work, it’s easy to see why this happens.
The majority of cyberattacks on SMBs start with an email.
It’s the simplest way to get into a system or get the information a hacker needs.
(Cyber Security Report)
5. In 2021 Small Businesses Lost $6.9 Billion
The FBI investigates as many cyberattacks as possible.
In 2021 the majority of attacks targeted small and medium-sized businesses. While not all were successful, they cost businesses and the industry nearly $7 billion in just one year.
The Reasons Cybercriminals Are Targeting Small Businesses
There are several reasons why your small business is likely to be targeted.
Large businesses tend to have dedicated IT teams and invest thousands in cybersecurity each year.
The result is layers of protection that can be difficult even for the best hackers to get past.
In contrast, many small businesses have minimal cybersecurity and no dedicated personnel to combat issues.
In other words, hackers find it easy to get into the system.
Amount Of Data & Funds Available
It’s easy to reason small businesses aren’t worth attacking because they don’t have the funds or data records that large businesses have.
However, because SMBs are easier to target, a cybercriminal can access a sizable amount of funds and data records by successfully attacking several small businesses.
It can quickly become more profitable than irregular success against large businesses.
Don’t forget, while funds are obviously beneficial as the cybercriminal can extract them, data is just as profitable as it can be sold on the dark web.
It’s true that law enforcement and the public take less interest in a comparatively small data breach which happens to a relatively unknown business.
That’s attractive to a cybercriminal as they are less likely to be caught.
However, what really appeals is the fact most small businesses don’t see the risk and assume they won’t be targeted.
Their approach to security is very relaxed, making them an easy target.
Passwords, or specifically the people that think of them, are the weakest link and what many cybercriminals will target first.
You can make it hard for them by instigating a strong password policy.
That means, all staff need to use 12-character passwords, (or longer). They should have upper and lowercase letters, along with numbers and symbols.
The best solution is to invest in a password manager for all staff and ensure everyone uses it.
As part of this they should all use the password generator tool and change passwords every month.
Steps To Take To Protect Yourself Today
The good news is there are several things you can do to reduce the risk of being a cyberattack victim:
Most businesses have a bank account and access it via the internet.
This doesn’t need to change. However, you need to consider which systems have a direct link to your bank account.
For example, payroll is probably linked, as our supplier payment systems.
To help keep your bank account safe from hackers you should remove all systems that don’t need to be connected to the bank. Each one is a potential access point for hackers.
Train Your Staff
The majority of successful small business hacks start with an email.
Employees open the email and then the link inside. This allows a virus into your system.
It hides and starts collecting data. It can be some time before you even notice the issue.
Training your staff in the most common hacking techniques, including how to spot and stop them, could make the difference between being a cyber victim or not.
Use Extreme Caution When Opening Attachments
All staff should be aware that attachments in emails and online can grant hackers access to the small business systems.
The best approach is to ensure staff know to avoid opening attachments, unless they are certain they are safe.
This is one time it really is better to be safe than sorry.
All Financial Transfers Require Two Signatures
To help avoid anyone being sucked into a scam and giving out bank details or transferring funds to a cybercriminal, you need to impose a two-signature rule.
That means all transfers need to be authorized by two staff, making it harder for someone to accidentally send funds to a hacker.
Keep It Up To Date
To protect your small business against cyberattacks you will also need to add cybersecurity software.
That means antivirus, anti-malware, traditional firewalls, etc.
Installing these automatically makes it harder for hackers to access your system and steal data/funds.
However, it’s not enough just to install this software. You also need to monitor it and update it regularly.
Software developers are constantly looking for new threats and blocking them.
Updating your software ensures you have the latest version and the best possible protection.
Create A Plan
All the planning will reduce your risk of being a cyberattack victim.
However, it is still possible that the hackers will succeed.
It’s a good idea to acknowledge this possibility before it happens and come up with a data breach plan.
This will help you to control the data breach and everyone will know what they need to do.
Decide on an incident response plan and test it out to see if it will work.
Don’t forget to retest it periodically and tweak it if necessary.
If you run a small business and think you’re safe from hackers then re-read the examples of cyberattacks on small businesses.
The bottom line is simple, no business is safe from being hacked.
That doesn’t mean you have to be hacked, it’s simply a wake-up call.
By taking a few simple steps you can add cybersecurity to your business and protect it from hackers.
Start by training your staff and reviewing the company systems.
It’s important your business has strong passwords, uses a good password manager, and installs firewalls, anti-virus software, and even antimalware.
This will help prevent your business from becoming the next cyberattack statistic