America’s ‘sore’ for which it loses millions of dollars


When Elana Graham started selling cybersecurity software to small businesses five years ago, business was relatively slow.

Now demand is booming, fueled by the rapid expansion of remote work that has left these companies vulnerable to attack.

Graham says his company’s turnover has tripled since the start of the year, reaching an all-time high.

“It was complete denial. ‘It’s not going to happen to me. We’re too young,'” says Graham, co-founder of Canada-based CYDEF. That’s the message I was hearing five years ago.” “But yes, it is happening,” he says.

According to cyber security research firm Cyber ​​Ventures, cybercrime is expected to cost the world $10.5 trillion by 2025.

If the current trajectory continues, small businesses will absorb most of the impact.

Cloud security firm Barracuda Networks has found that they are three times more likely to be attacked by cybercriminals than large enterprises.

And the risk skyrocketed during the pandemic.

Between 2020 and 2021, cyber attacks on small businesses increased by more than 150%, according to RiskRecon, a MasterCard company that assesses the cyber security risk of businesses.

“The pandemic created a new set of challenges, and small businesses were not prepared,” says Mary Ellen Seale, executive director of the National Cyber ​​Security Society, a nonprofit that helps small businesses create a cybersecurity plan. Is.

In March 2020, at the peak of the pandemic, a CNBC survey of small businesses found that only 20% planned to invest in cyber security.

Then the Covid-19 lockdown kicked in and businesses started scrambling to move their operations online.

Working remotely meant that more personal devices such as smartphones, tablets and laptops had access to sensitive corporate information.

However, the lockdown has put pressure on budgets and limited how much companies can spend to protect themselves. Hiring expensive experts and obtaining the necessary cyber security software were often out of reach.

The result was a weak cyber security infrastructure that was ripe for hacking.

“A lot of attacks now target them because criminals know that the big organizations have done a great job protecting their infrastructure,” says Seale. The weakest link is small businesses. And it’s really easy to get into. “

For the potential perpetrator, such attacks carry low risk and high reward, as they are less likely to attract the attention of authorities and often the companies themselves.

Yohwan Kim, professor of computer science at the University of Nevada (Las Vegas), says it usually takes 200 days from the time a hack is discovered to the time it is discovered. In many cases, customer complaints alert companies to a problem.

And with one supplier that has been hacked, criminals can access the network of organizations further down the supply chain.

“Big business depends on small business. It’s America’s lifeblood, and we need a wake-up call,” Seale says.

Small businesses make up more than 99% of businesses in the US and employ nearly half of all Americans, playing an important role in the global economy.

Kim says they are like a “sore heel” of the economy.

“They may be small companies, but what they sell to large companies can be very important. If they get hacked, [su producto] It won’t get into the supply chain and everything will be affected,” says Kim.

Cyber ​​attacks can be devastating to small businesses, causing removal of their products from the supply chain, legal costs, investigations and filings with regulatory authorities.

The National Cyber ​​Security Alliance estimates that about 60% of small businesses shut down within six months of an attack.

“The cost can be in the thousands of dollars. Some companies can’t afford that kind of money,” says Kim. “They can’t handle it.”

But while small businesses are the most vulnerable, Graham says most cybersecurity tools are built for larger businesses and are often difficult to understand and set up without a cybersecurity expert on the team.

“It’s a big challenge for small businesses that don’t understand what these people are trying to sell them,” she says.

Experts say there are simple steps small businesses can take to improve their security, such as creating basic response plans and identifying what and where critical data is.

Educating employees on how to prevent and detect attacks is also important, as most data breaches are caused by human error.

According to the Federal Bureau of Investigation (FBI), attacks in which cybercriminals hacked business email were the costliest cyber threat during the pandemic, causing $1.8 billion in damages.

Also known as spear phishing, these hacks employ a targeted attack that reaches large numbers of people, as opposed to more traditional tactics such as spam.

Graham describes the tool as “the new frontier in criminal activity” and says it has become the most common type of cyberattack his clients encounter.

But Seale says companies shouldn’t despair.

“The most important thing is to tell small businesses [la noción] that it is not useless. It’s not an insurmountable task,” she says.

You can now receive notifications from BBC Mundo. Download and activate the latest versions of our apps so you don’t miss out on our best content.


Please enter your comment!
Please enter your name here