According to Ponemon’s “Cost of Cyber Crime study 2014” report, web attacks are one of the most biggest threats smaller companies are facing. Why?
While several SMBs are preoccupied with other priorities and don’t think their are an interesting target, hackers take advantage of the situation. And there are many reasons to attack a small business!
1. Lack of awareness and a disinterest for risks management
In general, small businesses seem to pay little attention to cyber-risks (web and non-web). Most probably because entrepreneurs tend to focus on opportunities rather than threats!
Moreover, creating a position in a company for security matters is a non-sense until the company reaches a critical size. Among small businesses, web security is therefore handled by non-specialists, who don’t have much time for it considering their heavy agenda.
2. No skills nor security budget
Because nobody is officially assigned to that subject, the budget attached to web security is usually low, or non-existent.
And companies who do not invest in the protection of their web assets are an easier target, which attracts hackers!
When Vaadata performs security audits on vulnerable websites, a few minutes are sometimes enough to take full control of a server.
Taking control of a server allows attackers to add one more machine to their “zombies” farm, to send SPAM, host viruses or host malicious websites.
3. SMBs are connected to bigger companies.
Small businesses are rarely alone and some big companies they partner with can be the final target of cyber-criminals.
In fact, attacking a subcontractor or a provider might give access to confidential documents, to extranet or file server passwords.
Attacking a website can also be a way to attack browsers connected to the website, in order to get other confidential information and spy on employees.
4. Attacking a website is a low risk for hackers
An attack can be performed from anywhere in the world, with a basic internet connection. In the end hackers are rarely caught because tracing the source of attacks often requires resources that companies cannot afford or are not ready to invest.
In addition to being a low risk, website attacks are very lucrative. Reselling personal or bank data, servers access, spam or stealing cash… hackers are quite motivated!
In a nutshell, implementing security measures is a must-do for all companies, including small businesses.
The goal is not to deploy a full military arsenal or disproportional means, but to make sure your web applications become more professional, to protect your know-how and reassure your clients and business partners.