Cybercriminals have small businesses in their crosshairs

Image of padlock against circuit board/cybersecurity background
(Image credit: Future)

When looking to steal data, cybercrime groups rarely care about the organization’s size, and as time goes by, the cost of these data breaches only rises. However, while large enterprises may survive the financial fallout of a major data breach, that can’t be said for most small and medium-sized businesses (SMB).

A new report from cybersecurity experts Acronis claims the average cost of a data breach is now roughly $3.56 million. At the same time, the average ransomware payment rose by a third (33%), to more than $100,000.

Regardless of company size, a data breach is a major financial hit, but for most SMB’s, Acronis says, it would “sound the death-knell”. To make matters worse, SMBs don’t have the resources to tackle the threat in-house, so they’re forced to turn towards service providers. And when those service providers are compromised, it’s checkmate for SMBs.

“Unlike larger corporations, small and medium-sized companies don’t have the money, resources, or staffing expertise needed to counter today’s threats,” explains Candid Wüest, Acronis VP of Cyber Protection Research. “That’s why they turn to IT service providers – but if those service providers are compromised, those SMBs are at the mercy of the attackers.”

To stay secure, Acronis says, SMBs need to pay close attention to their employees. Phishing is rampant, and the number of these types of malicious emails rose 62% from Q1 to Q2. With many employees today working remotely, away from the relative protection of the corporate network and the IT team, they’ve become a prime target for many criminals. 

SMBs should educate their workforce on the dangers of phishing and social engineering, and make sure their employees verify the email sender’s identity before clicking on any links in the email, or downloading any type of attachments. 

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.