The Secret to Cybersecurity For Small Businesses

Published on 09 Oct 2021

White paper | The Secret to Cybersecurity For Small Businesses

All small businesses are at risk of data breaches. While much of the reporting on cyberattacks focuses on large companies, the truth is that small businesses are not immune. According to Ponemon Institute, 63% of small and medium-sized businesses worldwide experienced a data breach during fiscal year 2019, up from 54% just two years earlier.

See also: On-Premises to Cloud: A Workspace Service Journey

Cybercriminals use a range of tactics for cyber attacks

Cyberattacks come in many forms, from ransomware and cyber extortion to theft of sensitive data such as personal information about employees or intellectual property. While many small businesses are familiar with malware and may have installed antivirus to combat these kinds of attacks, the reality is that the threat landscape is much more complex than it used to be. Today, many cyberattacks gain a foothold without deploying malware. According to CrowdStrike’s 2020 Global Threat Report, malware-free attacks are up from 49% to 60% as a proportion of all attacks between 2018 and 2020. 

Ransomware continues to be a major concern for small companies. When cybercriminals hold critical data for ransom, your business is effectively shut down — customers can’t place new orders, suppliers can’t deliver materials and employees can’t access the information they need to do their jobs. While the average ransom payment that hackers request from small businesses is $5,600, the total cost is often much higher. When you factor in costs of downtime, legal services and other aspects of responding to a breach, estimated damages average 50 times more than the payment.

5 Cybersecurity Misconceptions for Small Businesses

1. Cyberattacks are carried out by basement hackers

The idea that hackers are lone attackers working with amateur setups might be easier to stomach than the reality: they are highly organized, disciplined and specialized cybercriminals who act fast. Recently, well-funded, highly organized criminal groups have been more relentless and sophisticated than ever, deploying a range of new tactics, techniques and procedures. For instance, ransomware as a service (RaaS) provides cybercriminals with a ready-made kit to use malicious code that locks you out of your system.

2. Cybercriminals don't care about the data they have

Some small businesses may think they fly under the radar of cybercriminals since they have less data than large corporations. However, most small and medium-sized businesses (63%) experienced a data breach in 2019. Because small businesses typically don’t have the sophisticated technology and dedicated security teams of a large enterprise, they can be an easier target for attackers. 

3. I'll Know If I've Been Breached

Cybercriminals are experts at camouflage. The longer they can stay inside your system, the more damage they can potentially do. When a breach does
happen, it often takes just a few hours. It can occur at 3 a.m. on a holiday when the office is closed, or over a long weekend when staffing is low. But on
average, it takes 79 days to discover a data breach7, which is far too late to prevent damage to your organization. 

Download this ebook by Crowdstrike to learn about the remaining cybersecurity misconceptions people have when it comes to small businesses. Subscribe to for continuous information for quality resources on IT and technology.   


You will receive an email with a download link. To access the link, please check your inbox or spam folder