The research is clear: Just because a business is small does not mean it survives undetected from a cyberattack. In fact, some SMBs may actually be a bigger target for cybercrime. For example, small U.S. manufacturers working with overseas business partners operate with a heightened risk for cybercrime, according to research from Bank of the West.
In some cases, it’s a small businesses’ global expansion that heightens their risk. In other cases, it’s the sheer fact that small businesses don’t expect they’ll be targeted — and therefore implement mediocre defenses — that also make them a prime target.
In Australia, Small Business and Family Enterprise Ombudsman Kate Carnell emphasized this warning at the ASIAL Security Conference held in July.
“[Cybercriminals] know the big guys have really cool systems, and they know the little guys [don’t],” she said, according to news reports in ZDNet. “Cybercriminals now are attacking small businesses as a result, very, very regularly.”
“Small businesses are attacked for a whole range of reasons,” she continued. “One is their systems are pretty low, their knowledge in the area is pretty low, they don’t have in-house IT people, most people don’t really understand this stuff at all ... and they have a tendency to pay accounts and invoices quickly. When you get a false account, they have a nasty habit of being paid.”
Heightening the threat of cybercrime even further is the growing concern among analysts that traditional antivirus software can no longer adequately protect any enterprise, large or small, as cybercriminals develop more sophisticated ways to infiltrate corporate systems.
These trends make the latest research from Australian cloud accounting firm MYOB all the more concerning.
New data recently released by the company, and reported by ZDNet last week, found most small businesses in the country rely on basic antivirus software, with additional stats uncovering other troubling trends. PYMNTS highlights the key data from MYOB’s “SME Snapshot Survey,” which surveyed 394 small business customers in August 2017.
-87 percent of SMBs consider themselves safe from attacks because they already use antivirus software. But, as analysts have pointed out, antivirus software is now not enough to protect any enterprise, as cybercriminals develop new ways to commit their crimes.
-10 percent of SMBs told MYOB they don’t consider themselves safe from a cyberattack — a curiously low figure, considering Carnell’s warning and data from other analysts. According to MYOB, the small businesses that feel unprotected point out a lack of security planning or their increased online presence.
-72 percent believe data stored in the cloud is at least moderately safe, with 21 percent believing it to not be safe. MYOB found that small business owners based in remote areas are least likely to trust cloud security.
-About half of SMBs are planning to improve their cybersecurity efforts in the coming year, but nearly the same figure — 40 percent — said they aren’t planning to do so. Researchers found that software updates and staff education efforts are the most common tactics for improving cybersecurity within small- and medium-sized enterprises. Changing passwords was also a commonly cited tactic.
-13 percent of SMBs plan to hire an IT professional for the purpose of improving cybersecurity efforts, which, as Carnell pointed out, is an investment less commonly seen within small businesses compared to larger corporations. Nearly a third said they plan to invest more money into cybersecurity defenses and software.
-38 percent of small businesses say they don’t have the expertise to address the cybersecurity threat, meaning this factor is the largest barrier to ensuring a small business is adequately protected, MYOB found. Twenty-eight percent said the issue of cybersecurity is “too complex” for them.
-32 percent of SMBs said they don’t need to improve their cybersecurity measures because they don’t have a strong online presence, a dangerously ignorant way to approach the issue, according to analysts and additional research.
-79 percent of SMBs agree no one is safe from a cyberattack — a wise position on the matter.