Most business owners today understand that there is a risk of their company’s systems being attacked by cyber criminals intent on exploiting weaknesses, stealing information or holding their company’s infrastructure hostage. However, there is a tendency among small- and medium-sized business owners and leaders to assume that the criminal element is only interested in large businesses. The reality is that any size firm can be a target, and smaller companies may actually be at greater risk than larger organizations.
Attackers See Small Businesses as Easier Paydays
While it’s true that large businesses have historically been targeted by cyber criminals using a variety of methods, there is growing evidence that would-be attackers are choosing to focus their efforts on smaller companies.
Although their “score” of information from malware of other focused attacks will likely be smaller than it would be if they targeted large firms, they are learning that attacking smaller organizations often takes less effort. At the end of the day, they believe they will have an easier time getting access to the company’s, its employees’ and its customers’ personal information and intellectual property.
Would-be attackers know that larger firms are more likely to be able to afford information security resources, tools, processes and skilled personnel. In addition, larger firms are often perceived as being more proactive about educating workers to recognize and thwart potential attacks. Because of this, attackers know that it will likely require significantly more time and effort to successfully penetrate a large company’s systems and defenses.
An Increasing Shift from Malware to Ransomware
At the same time, cyber criminals are also increasingly moving from malware-based attacks to ransomware. In fact, there has been a 2,500% growth in the ransomware economy just since 2016, and North American organizations are attacked at the rate of one every 40 seconds today.
Businesses affected by successful ransomware attacks face the tough decision whether to pay the ransom and hope the attackers will deliver by providing the encryption key they promised or to attempt to restore their systems to a point before the attackers hit.
In many companies, there may not be usable backup data or uninfected applications to restore. If it looks like systems and data could be restored, the next challenge is trying to do so and resume operations while limiting downtime.
Downtime After a Cyber Attack Can be Fatal to the Company
A recent study found that small companies lost an average of $100,000 per ransomware attack due to downtime. Another study found that 72 percent of organizations couldn’t access their data for two days after an attack, and 80 percent of businesses whose systems are down for at least three days actually go out of business (source: Intermedia.)
How long could your company survive without access to the systems and data you rely on to operate and serve your customers?
Norwell Technology Group Can Help Improve Your Estimated Recovery Time
Conduct an honest assessment of your information security infrastructure. How vulnerable are you to attack and, if attacked, how quickly could you restore your systems?
Norwell Technology Group and Infrascale can help you develop methodologies to provide failover from any disaster in 15 minutes, at a fraction of the cost of older approaches.
To learn more, contact us online today or call us at (877) 277-9648.