Small businesses are the new darlings of cyber criminals. Business identity theft and cyber attacks are a rapidly growing problem with far-reaching ramifications for not only the companies targeted, but also for the private citizens and other companies that do business with them.
In 2012, half of all targeted cyber attacks were aimed at businesses with fewer than 2,500 employees, and 31 percent of all attacks targeted companies with fewer than 250 employees, according to Symantec's 2013 Internet Security Threat Report
. And although the risk continues to grow for small businesses, many still believe they're safe from cyber attacks, Symantec discovered in a survey of small business owners
. In that survey, 83 percent admitted they have no formal plan for cyber security, and 59 percent don't have procedures in place to respond to and report a data breach, even though federal law requires companies to inform consumers affected by such breaches.
From loss of business, reputation and actual financial losses, data breach costs
can be devastating for small businesses. But the impact on the business' customers can be just as significant.
"The lack of adequate security practices by small businesses threatens all of us," Symantec says in its security report.
Small businesses often have databases of customers' personal and financial information that identity thieves find useful. Once thieves have this information, they can use it in a number of ways, from opening bogus credit accounts in customers' names to using existing credit card accounts to make fraudulent purchases.
What's more, says Symantec, "attackers deterred by a large company's defenses often choose to breach the lesser defenses of a small business that has a business relationship with the attacker's ultimate target, using the smaller company to leap-frog into the larger one." Such tactics mean that the small business' lack of security not only exposes its own customers to identity theft and fraud, but also may put at risk the clients and customers of larger companies with whom it does business.
Symantec points to the increase in Web-based attacks as evidence of this trend. In 2012, such attacks rose by a third, "and many of these attacks originated from the compromised websites of small businesses," the security software giant said.
In 2012, the average number of identities exposed per breach was a staggering 604,826, according to Symantec. Every breached record is a potential ID theft
case that could cost a consumer thousands of dollars. When a company experiences a data breach, federal law requires it to notify affected customers. Many companies also offer monitoring services to consumers caught up in the breach. The costs pile up for all parties involved.
"It's terrifying that the majority of U.S. small businesses believe their information is protected, yet so many do not have the required policies or protection in place to remain safe," said Brian Burch, vice president of Americas Marketing for SMB at Symantec in a press release
published by the company in late 2012. "Almost 40 percent of the over 1 billion cyber attacks ... in the first three months of 2012 targeted companies with less than 500 employees. And for the small, poorly protected companies that suffer an attack, it's often fatal to their business."
© CyberScout, LLC. All Rights Reserved.