Recent years have forced many business owners to wake up to not only the threat of cyberattacks, but the massive repercussions if their businesses are been hit. For small business (SMB) owners, this shift has made entrepreneurs understand that their companies are not safe, despite their small size. Amid all the high-profile, expensive attacks against corporations witnessed by the global market, the problem is only going to get worse, and no one is immune.
Truly, no one. Take cybersecurity company Zeguro, for example.
When the firm announced earlier this week that it would be partnering with QBE Insurance Group to offer small businesses access to tailored cyber insurance solutions, the Zeguro's President, Co-founder and COO Dan Smith told PYMNTS that the firm itself was targeted in a spear phishing campaign — unsuccessfully, albeit. Even so, it shows that cyberattackers are targeting businesses at alarming rates, and the threat is amplified as they deploy new technologies that allow them to accelerate the pace and scope of their attacks.
"I don't think we've seen the extent of ransomware attacks that are going to be coming out in the very near future," Smith said, adding that the attacks that have already done significant damage to small businesses "were really just the start."
It's a scary thought, considering that a single attack on a small business causes, on average, between $84,000 and $148,000 in financial damages, forcing 60 percent of SMBs to shutter their doors within six months of falling victim to a cyberattack, UPS Capital research found.
The spear phishing campaign that targeted Zeguro exemplifies how cyberattacks are evolving. Spear phishing is the next level beyond traditional phishing attacks. Rather than sending out phishing emails to a mass of potential targets in hopes that a few bite the bait, spear phishing has a targeted, sophisticated strategy in which attackers may pose as legitimate business executives or partners of their victims. Furthermore, attackers don't just want a few bucks — they want invaluable business intelligence, data and intellectual property.
Spear phishing is now the most common tactic cybercriminals use when targeting corporates, and Smith said that SMBs are going to see even more of these moving forward.
"Spear phishing is becoming more and more [intelligent] and automated," he explained. "They're targeting either non-technical employees within the organization [who] don't have the school of knowledge to know this was a phishing attack, or they're targeting engineers with the business [who] have the privileges that could potentially lead to the [breach] of customer or company confidential data."
In the cybersecurity industry's constant effort to stay one step ahead of the criminals, cybersecurity technology has also worked to become more automated and intelligent. Automatically assessing businesses' risk exposures, analyzing data and constant assessment of internal systems allow businesses to prevent an attack, quickly identify when one occurs and ensure operations still run smoothly (with minimal loss) after the fact.
Today, however, small businesses are being offered cybersecurity solutions that don't always fit their needs — a trend Smith described as "trying to fit a round peg in a square hole." The industry needs to introduce more tailored, custom solutions for SMBs, taking into account their size, industry and threat level to provide the most appropriate tools.
This is another area in which cybersecurity is becoming more automated and intelligent, he noted, noting that Zeguro's own technology is able to continually reassess a business' threat level as it grows and changes.
While technology is imperative in combating the ever-increasing risk of cybercrime, there is undoubtedly a human element to protecting the small business, too. After all, no amount of technology will be able to prevent an unwitting employee from clicking a malicious link or sending company funds into a fraudulent account after being duped by a sophisticated spear phishing attack. Smith explained that cybersecurity technologies must be coupled with behavioral solutions that can teach employees and correct their behavior — quickly.
"When an employee clicks on a phishing link, there are psychological, behavioral analytics behind the scenes," he said. "You have to be able to retrain human behavior within three to five hours to get the most learning, and the most capacity out of retraining that action the human has performed in error."
In this regard, intelligence is key— not only for machines and technology, but for human employees as well. That mix will be critical to Zeguro as it continues into its next venture with QBE: The firm will deploy its digital intelligence to offer the "right fit" of cyber insurance solutions for small businesses, but there is also a human element to meeting SMBs' needs in this market, too.
According to Smith, less than 4 percent of U.S. SMBs have a cyber insurance product today.
"This is due to [SMBs] not thinking they need it, not knowing it's out there or the brokers that provide insurance services to these customers not wanting to spend the time explaining it, because they don't understand it themselves," he said.
Small businesses' understanding of cyber threats — and the solutions available to them — will be key in moving the needle of cyber insurance adoption, and ensuring that SMBs are proactive in their own protection.