Myth 1 We're too small to be hacked

If there is one myth about cybersecurity that we hear regularly and that absolutely needs to be busted, it is this one. “Why would anyone attack us? We’re too small, too young, no one knows us, we have nothing online… We’re not interesting to hack.”

Actually, yes, you are interesting.

Let’s take each point separately:

– Why would anyone attack us? No one knows us

First of all, not all attacks are aimed. Some attacks are conducted by running scripts, which will not pay attention if the website is big or small. For example, an attack can target all websites based on a common CMS such as WordPress, Drupal, Magento… or simply a version of a web server such as Apache.

Some ransomware follow the same principle: they target all non-updated software or computers. WannaCry, a 2017 main ransomware attack, propagated all over the world, from the early stage start-ups to the biggest brands.

Massive phishing campaigns are also not selective and are sent to any email address in the attacker’s file.

Finally, if you think that you’re not at risk because you have only an IP without a domain name pointing to it, think again. The IP can be found by automatic tools that crawl the whole internet in some hours. As soon as something is online, you need to protect it.

– We’re too small / We’re too young

From the moment you have a website, a server… some data are put online. They are interesting for malicious attackers.

These data are your users’ personal or financial data. Financial data can be used right away by the attackers, meanwhile personal data can be used to gain access to other accounts and other companies, or to build social engineering attacks towards your customers.

If you have a web shop, another possible attack is to divert payment flows from its right addressee to the benefit of an attacker. Even if it is not a large amount, attackers are always interested in money. Moreover, as small companies might have less monitoring, it might take a bit longer to notice the attack, and the attacker will at the end collect an equivalent amount as the one gained from an attack on a bigger website.

Another point of attack is when you are a supplier of a larger company. An attacker may want to gain access to your website or network to collect information or business connections to target then this company. Your website can also be used to hide a malware targeting specifically one company.

Finally, we should remember that some attackers choose precisely their target, but most of them don’t select their target from their turnover or number of employees. They just attack websites that are reported with vulnerabilities by their automatic tools or that cross their paths.

– We have nothing interesting online

Even if you “only” have a showcase website, it needs to be sure. Doing sales is not the only asset of a website, it is first the online representation of your company. It can be the first contact point with potential customers… or the last, if there is harmful content, such as ads for pornographic websites or religious propaganda. Customers’ first impressions are critical.

A showcase website can also host malicious elements, which could harvest information from your visitors’ browser or your own.

This two attacks example will have consequences on your reputation when contacts go on your website, but also search engines or your provider could dereference you or display warning when people are about to access your site.

In conclusion, no one is too small, too young or not interesting to be hacked. And in fact, in 2018, 67% of SMBs have experienced a cyberattack, and 58% had a data breach. (2018 State of Cybersecurity in Small and Medium Size Businesses, Ponemon Institute).

But don’t panic. The important is to be conscious of the risks, and to act to prevent attacks. Strengthening your security does not require to conduct a full and expensive audit, tests can be run to secure your key elements (the most sensitive, the most vulnerable ones), depending on your specific situation. Feel free to contact us to discuss it.

Testing your security, moreover, ensures that you are growing on strong foundations. You can find out more about the financial benefits to test your security here.