Size does not matter, at least for hackers

By Avery Hocutt | July 17, 2018

Why your business is not “too small to be hacked.”

When many business owners read about huge cyberattacks like the one that hit Equifax, they’re interested, but not overly worried. They tend to believe that they, themselves aren’t at risk for a similar breach, because their business isn’t “big enough” to attract the attention of a would-be hacker. Unfortunately, the nature of today’s cybercrime means that each and every business is at risk, regardless of size—and in fact, small businesses are much more highly targeted than large ones. Here’s why.

Real hackers don’t wear hoodies

Countless movies and TV shows have popularized the image of the lone, hoodied hacker, bent over his keyboard as neon numbers flash over his head while he carries out his nefarious work. While this image works great for creating a sense of drama, it obscures the fact that most hacks aren’t performed by humans at all. Most cyberattacks are carried out by robots which attack thousands of sites at the same time, otherwise known as a “brute force” attack. These bots don’t really discern between big sites and small ones—they simply throw everything at the wall and see what sticks. As long as your business is in their firing range, you’re a target—no matter what assets you have.

Small businesses are targeted more than large ones

Of course, there are humans at the helm of every cyberattack, and they do make decisions about the general areas they’d like to target. While most people might think that hackers go after the big money—huge credit bureaus, law firms, and accounting firms bristling with super-sensitive data—they are actually far more likely to target small businesses. In 2017, for instance, over 70% of cyberattacks targeted businesses making $60,000 a year or less.

Why? It’s simple—small businesses are easy money. Small businesses are much less likely to set up security software, delete unused admin accounts, and make regular website updates that can minimize their risk of a breach. They’re also far less likely to have audit logs and other data needed to identify the culprit after the fact—meaning someone attacking a small business is far less likely to get caught and punished.

Think of it like a thief trying to decide which neighborhood to rob. Sure, the big, fancy neighborhoods contain more valuable stuff—but they also have fences, high-tech security systems, and private security patrols. The smaller neighborhoods are likely to have much less barriers to entry, and their TVs are just as nice.

The bottom line: Protect yourself from cyberattacks

The biggest reason small businesses are easier to hack than large ones? They don’t see it coming. Ironically, since small businesses tend to discount themselves as targets, they never take the security precautions that bigger companies do—and thus ensure that they will be targeted at some point.

But lest we sound too doom-and-gloom, there’s a bright side to all this, which is: the vast majority of cyberattacks aren’t very sophisticated. They’re sent out to locate outdated, unprotected websites, and they only succeed because that’s what they find. A few small, simple precautions, like preventative website maintenance, are usually enough to prevent the vast majority of issues.