Earlier this year, PwC issued a report that found that, despite the increasing number of cyber attacks and the increasing amount of monetary and reputational damage these attacks cause, many companies – particularly small businesses – are actually decreasing their cybersecurity budget. Security budgets for companies with less than $100 million in revenue, which is rather shocking considering the number of reported cybersecurity incidents increased by 48 percent – that’s almost 120,000 attacks per day in 2014!
This leaves me scratching my head a bit. It seems that many of these companies, particularly small enterprises, are ignoring cybersecurity, sweeping their security profile under the rug and crossing their fingers. A large part of this may be due to the news cycle. While we’ve all heard about the millions of credits cards that were compromised in the Home Depot, Kmart and Target hacks, there have been far fewer stories surrounding the thousands of smaller retailers that were hit by the Back Off malware, which compromises the credit card information of customers, leaving many smaller enterprises to think they may not be a target.
Cyber criminals are not discriminating. They can and do go after smaller companies with just as much frequency as they go after larger companies. There are two reasons for this:
Smaller companies are gateways to larger companies.
Smaller companies are often vendors providing services to larger companies. Regardless of what these services are, many of them require direct access to the systems of the larger companies. This means that when a smaller company is breached, they can very likely serve as a launching site for a successful attack against a larger company. But in the meantime, the sensitive data of the smaller company is compromised and the cost can be upwards of several million dollars to fix the breach – an expense that can be crippling to a smaller company.