The answer to the title question is yes. Small and medium-sized companies are, for the most part, more vulnerable than large corporations. This is not a rule, but it is an increasingly common reality. Some research shows that 58% of intrusions target small and medium-sized companies, which tend to have fewer resources for protection. There are several reasons for this, but all of them can be addressed. With less financial power, these companies often have inadequate or insufficient protection. There is also the issue of a smaller headcount: IT tasks are delegated to employees without proper training or awareness, which can lead to work overload and oversights.
Another reason for the growing number of cyber attacks on small and medium-sized businesses is that, in most cases, the people responsible do not see themselves as potential targets. There is a widespread but mistaken idea that crackers (malicious users) prefer to attack the systems of large multinationals, seeking greater gains from a single intrusion. The reality is different. The famous law of least effort applies to cybercrime: the lower the security barriers an intruder has to overcome, the higher the success rate of the attacks, so companies with these characteristics are the most targeted.
What can crackers do against small and medium-sized businesses?
Attackers engage in several kinds of malicious activity. One of the most common is phishing. The name is an allusion to fishing. The "ph" comes from an association with the word “phreaking”, which is the study and exploration of telecommunications systems. In phishing, the objective is to “catch” important information and data through false messages. Criminals use it to obtain usernames, passwords, and bank account and credit card details. The scam relies on fake emails with malicious links or files, and these are increasingly similar to authentic emails. In the current era of social media, where almost everything is available, it is easy to obtain information to personalize attacks and make them harder to distinguish from routine activity.
It is also important to highlight ransomware. It is a type of malicious code that makes the data stored on your computer, tablet or mobile phone inaccessible. Attackers encrypt the data and demand a ransom payment to return access to the user. In other words, a real kidnapping. For any company this is a significant loss, as several departments can be brought to a halt by ransomware. In small and medium-sized companies, the impact can be even greater. Propagation occurs through emails with infected attachments, or by inducing the user to click on links, exploiting vulnerabilities in systems with poor security.
Although less common, the attack known as DDoS is also a concern. Even though it is not exactly an intrusion, it causes major headaches. DDoS saturates the processing capacity of a computer or server, degrading or dropping connections and taking the company offline. The name stands for Distributed Denial of Service: a master computer can control hundreds of “zombie” computers that assist in the attack. All of them access a particular resource at the same time, until it is overloaded and inoperable. It is like gradually piling a giant load onto a pickup truck until it stops moving and needs repairs. That is, your website, e-commerce site or web application can go down even without being hacked, and still bring losses to your business.
How to be protected then?
Some investment will be necessary, as free solutions offer very low protection. And here are two more famous sayings: cheap is expensive, and prevention is better than cure. So how about starting with a firewall? In addition to protecting users, it also keeps the network protected, as it prevents threats from getting in through a specific point and spreading.
Even if small and medium-sized companies have more modest budgets, they should consider investing in professionals with digital security skills. Outsourcing is good business. There are several specialized companies that will help provide security and agility in the administration of your business's digital assets, such as OSTEC. Visit our website and discover the solutions that will help keep your company’s results safe.
As much as technology can help, we must not forget that a company is made of people. Employees need to be trained so that they adopt an attitude that prioritizes digital security. Many successful attacks rely on the distraction or carelessness of employees to gain access to private data. Employees should therefore be guided on best practices, and procedure manuals should be created, so that the organization's security strategy is complete.