A marketing firm surveyed 1,250 small business owners (fewer than 500 employees) about their cybersecurity practices, and the the results are quite stunning. They largely show that most are doing little to prepare for potential attacks, and for those who have done some work, this is often nowhere near enough.
Nearly half of business owners surveyed have no defensive measures in place and a third have no protection against cyberattacks. Additionally, 60% have no concerns about being a potential target, saying they are too small to be on anyone’s radar. As we have written many times in previous blogs, this is simply not true. This is because everyone has customer data and other business-critical data that can be invaluable on the dark web to a bad actor. This can be just customer emails or include credit card accounts or social security numbers.
This lack of worry extends to all kinds of small businesses, extending to online-only and mostly in-person situations. Below you can see the breakdown of responses between the different types of businesses.
Results increase for online-only businesses to 20%, but drop to 7% for in-person businesses. That shouldn’t mean that in-person businesses should breathe a little easier because everyone uses online resources. For example, you can have a web server or use an online bill payment service, or even email or instant messaging. All of this could be compromised by a determined adversary, and it could be catastrophic.
Here are some of the reasons respondents say they resisted having appropriate measures in place:
Overall, 12% of respondents have experienced some sort of cyberattack, many of which resulted in customer data being stolen or compromised. This is all the more true as respondents did not show much determination to fend off cyberattacks. For example, less than a third have regular data backups in place or use secure networks, two of the reasons ransomware continues to be effective.
How do hackers get into a company’s network?
A quick look at Avast’s latest global SMB risk report