What, me worry?
That's the stance a shocking number of small business owners in the U.S. have taken toward cybersecurity, according to a new study from Paychex. In a survey of 341 business leaders conducted by Bredin, most of the small business owners polled by the research firm, 68 percent in fact, were not concerned about getting hacked.
And if by chance an attack was successful, 90 percent said they were at least somewhat confident they could recover.
Generally, a little fearlessness is a good trait for entrepreneurs to have. Unfortunately, when it comes to cyber-attacks, the odds are stacked against them.
Citing data from the National Cyber Security Alliance, Paychex reminded readers that most cyberattacks (70 percent) are aimed at small businesses. Often, the cost of bouncing back on one's feet can wipe out a company.
"Small businesses are particularly vulnerable because they often possess richer data sets than average consumers, but generally lack the protections most larger businesses have in place," said Todd Colvin, senior director of data systems and security at Paychex.
"Short of implementing a broad suite of cyber security protections, small businesses would be served well by following basic computer hygiene practices – such as implementing a documented information security policy, logical access restrictions, robust logging and review, device and application patching – all year long," continued the Paychex executive.
One of the biggest threats affecting small businesses is ransomware.
Ten percent of those polled said they suffered from a small-scale or localized attack. Nine percent of respondents admitted to suffering the effects of an attack that was national or international in scale, like WannaCry or other ransomware strains. In May, a WannaCry outbreak spread to 74 countries, locking users out of their critical files, and in some cases, bringing some businesses and critical services to a crashing halt.
Although many ransomware-wielding attackers cast a wide net for potential victims, some are very targeted in their approach. And many small businesses meet their ideal of a perfect victim.
Attackers have grown increasingly sophisticated, targeting file types used by specialized or niche businesses that will gladly pay to get their livelihoods restored.
Malware expert Ken Dwight, also known as The Virus Doctor, cautions that some attackers are after the types of files that are critical to the day-to-day operation of their companies. Dwight explained that some ransomware strains are "only looking for, say AutoCAD," offering the file type as a hypothetical example.
AutoCAD files can contain architecture blueprints, electrical schematics and other valuable layouts and drawings. Dwight added that the average home user is unlikely to have AutoCAD files laying around, "but for the business that has them, they are valuable files," particularly if they hold the plans for a billion-dollar oil platform.
Sometimes, cybersecurity threats reside right within a company's own doors.
Ten percent of respondents said they discovered that an employee had accidentally or purposely disclosed confidential company information online. Nine percent harbored suspicions that an employee was acting in the same manner.