Small Businesses Aren’t Immune
TechRepublic released an interview today with a small company in Kentucky that was the victim of a ransomware attack. Reading through the interview feels sort of surreal. The CFO, identified as Jason, could be with any small company in America.
I won’t rehash the entire interview for you here, although you should read it. But I do want to mention that they ended up paying $150,000 to the hackers. Initially, Jason notes the ransom was for $400,000, but they were able to negotiate by working with a tech company and responding quickly to the criminals.
It seems incomprehensible to think that a small business would be the target of such a high ransom. Jason certainly thought so as well. But this is something we’ve been saying for a long time. It isn’t just big business that falls in the cross hairs of a cybercriminal’s scope. We’ve been seeing small, malicious attacks against small to medium American businesses for years now.
True, the payout for a hack on the city of Atlanta or a global company like Honda is much bigger. But criminals know that a bunch of smaller attacks, like the one outlined in this interview, will net them a tidy profit as well. And smaller businesses are more likely to have lax protection.
Making The Leap
The jump to attacking small business isn’t such a huge one. In an economy where a $150,000 payout is equal to the yearly salary of 3-4 employees, hitting a few of these small businesses a month can still rack up big profits. Couple that with the reduced security, and you’re sitting on a virtual goldmine.
But why is small business less likely to have a solid security plan? There are plenty of answers to that, probably as individual as each business itself, but essentially it boils down to the idea that they don’t think they’re worth hitting.
Jason notes in the interview that the group that hit his company usually demands a million-dollar payout. He was shocked that they went after a smaller amount. And it’s that misunderstanding that leaves smaller businesses open to attacks.
Couple that with the fact that many businesses don’t heavily guard their RDP ports or focus on educating their employees about phishing attacks (the two most popular and effective ways to get into a business’s systems), and you have the perfect storm.
Taking The Initiative
It’s time that smaller businesses adopt the principles larger corporations have been using for years now. Taking a long, hard look at security measures will help these companies develop a solid plan. There are multiple resources out there, including managed service providers (MSPs) who specialize in securing these types of business.
Education, protection, and monitoring systems are a great start to better security. There’s tons of information out there on how to build a solid security plan. And you can always reach out to us at PC Matic if you need help with what direction to go.
Ultimately, we want to make sure you’re safe. And we want you to keep your money in your business, not in the hands of criminals.
Stay safe out there.