Many small business owners may now be worried that they might be targeted for the kinds of hacking attacks that tech insurance can help them to deal with, and with good reason. A recent study found that they often represent the most vulnerable options for criminals trying to gain access to sensitive information, and to use as a step toward bigger companies in the future.
The number of targeted attacks on companies of all sizes surged 42 percent over the course of last year on an annual basis, and of those incidents 31 percent were designed specifically to affect small businesses, according to the latest Internet Security Threat Report from the computer protection giant Symantec Corp. In fact, the large number of attacks on smaller, independent companies – categorized as those with 250 employees or fewer – was an increase of more than three times the number carried out in 2011.
The reason for this, in general, is that small businesses would, first of all, generally not consider themselves a target for these types of attacks because of their size, the report said. However, this is precisely why they’re often hit: with so few employees, especially in comparison with larger companies, small businesses tend not to have extensive safeguards in place against any sort of attack, and usually don’t employ full-time computer threat management workers, making them relatively easy pickings for hackers. Second, these companies still typically keep some type of sensitive information on customers, clients, or employees, and compromising it could still be helpful to attackers in achieving their ends (identity theft, etc.), and even if they target a large number of small businesses those criminals likely won’t have to put in all the hard work that would come with cracking even one larger entity’s security systems.
Small business as a stepping stone?
Interestingly, the number of attacks that were based on the Web rose 30 percent last year, largely because of the number of times hackers were able to compromise small business websites with malware, and often for the purposes of what are known as “watering hole attacks,” the report said. In such an instance, the hacker gains access to the smaller company’s blog or website, as long as they know someone working at the real target visits that site frequently. This may allow them to load malware onto all computers used to visit the site, including the ones actually being set up for the attack in the first place. This may make the smaller company something like “peripheral damage,” but it nonetheless constitutes a significant security problem. Through one such attack plan, a group of hackers was able to infect as many as 500 companies or organizations in just one day in an effort to bring down larger targets.
In all, about 61 percent of malicious websites found in the study were the result of regular sites being compromised by hackers without the site owners’ knowledge, the report said. That included business, tech and shopping sites, all of which had unpatchable vulnerabilities, meaning that there was little the companies involved could have done to make themselves safer in the first place.
The problem for small businesses is that the fallout from such attacks can come with massive price tags, which can be difficult for even large businesses to bear. In some cases, these can stretch into the millions of dollars, and for this reason, it’s often wise for owners to seek out tech insurance policies to supplement their current small business insurance coverage so that they’re not sent reeling by such an incident, which are growing more common and costly all the time.