The relationships small enterprises have with larger companies makes them a tempting target for cybercriminals.
This is according to Candice Sutherland, cyber underwriter at iToo Special Risks. She was speaking at the Cyber Security Innovations Conference in Fourways earlier this week.
“They have this perception that it will not happen to them because they are a small business, but they are easier to hack than a big corporation,” says Sutherland.
Their relationship with larger companies means their more vulnerable IT systems can provide a gateway for cybercriminals.
This is what happened to US retailer Target in 2013. Cybercriminals managed to get access to its systems via one of its air conditioning suppliers. The breach saw hackers get information on 70 million of Target’s customers and resulted in the company paying out R18.5 million in settlements.
“Hacking a service provider is much easier than hacking the larger company because they would at most times have the exact same information and the larger businesses have precautions in place,” says Sutherland.
Small businesses that become victim to cybercrime tend to collapse with the first six months of the breach.
This is according to President Masango, head of cyber security at Intelligenx Research.
“Even though they can recover the data that has been stolen, their reputation does not recover,” he says, adding that 43% of small businesses have closed shop as result of cybercrime.
Globally, the average total cost of a data breach is $3.92 million (more than R59 million), according to the 2019 Cost of a Data Breach Report by IBM Security.
The study found that breaches originating from a malicious cyber attack were not only the most common of those studied, but also the most expensive since 2014.
“The share of breaches caused by malicious attacks surged by 21%, growing from 42% of breaches in 2014 to 51% of breaches in 2019,” according to the report.
Malicious attacks take longer to identify and contain.
Beware the disgruntled employee
Sutherland says this type of breach is usually done by a disgruntled employee within the information and technology department in the company.
“Data is the most valuable asset, and an employee is [potentially] the most dangerous – so companies need to look at ways to secure that.”
Personal wellbeing at risk
CyberSec MD Nathan Desfontaines encourages companies to invest in detection technology to avoid data breaches.
He points out that healthcare is now at the forefront of data breaches.
“So now we are seeing that cyberattacks could have an impact on personal wellbeing rather than just to a system.”