The evidence is piling up: Cybercriminals are finding small businesses easy prey. The 2018 Verizon Data Breach Investigations Report states that, of the companies surveyed, more than 50% of the ones suffering at least one malware attack were categorized as small businesses. That’s not all. The Ponemon 2017 State of Cybersecurity in Small and Medium Businesses Report discloses that 60% of small businesses participating in the Ponemon survey agree or strongly agree that cyberattacks are becoming more targeted, more sophisticated, and more severe.
Experts at Barkly, a provider of endpoint protection, suggest there are overarching reasons why the attacks on small businesses are increasing. “Small business owners should be aware their companies do represent worthwhile opportunities for hackers,” notes the Barkly article 5 Cybersecurity Statistics Every Small Business Should Know in 2018. “While smaller companies may not have resources or data at the scale of enterprise-level organizations, they do have valuable business data.”
SEE: Cybersecurity strategy research: Common tactics, issues with implementation, and effectiveness (Tech Pro Research)
Are small businesses targeted or vulnerable to cybersecurity attacks?
Besides warehousing valuable data, the people at Barkly suggest small businesses are more vulnerable when compared to larger organizations. “One way to interpret reports is to assume cybercriminals are explicitly targeting small businesses, but it’s more likely that small- and medium-sized businesses simply present more vulnerabilities,” state the authors of the Barkly article. “It’s giving most hackers too much credit to consider them sharpshooters. They tend to utilize opportunistic approaches and techniques that can be better described with terms like ‘spray and pray.’ For smaller companies, it’s often simply a matter of being caught in the line of fire without adequate protection.”
Daniel Castro, vice president of the Information Technology & Innovation Foundation, agrees with the Barkly authors. “Small businesses face significant cybersecurity threats,” Castro is quoted as saying in Connor D. Wolf’s Inside Sources article How Cybersecurity Impacts Small Businesses. “Most small businesses are concerned about cybersecurity, but they aren’t doing enough to protect themselves against these threats. One recent survey found that a third of small businesses aren’t taking any practical steps to protect against cyber threats and half lack cybersecurity budgets.”
SEE: Almost half of cyberattacks are directed at SMBs, here’s how to stay safe (TechRepublic)
Cybersecurity help is available for small businesses
Wolf notes the Small Business Administration (SBA) recommends cybersecurity best practices for small businesses. Besides the SBA, the Federal Communications Commission (FCC) and the Department of Homeland Security are additional resources, especially when it comes to new research and tips on how to improve digital security.
There is this thing called money though
In order to survive in today’s competitive global economy, businesses run lean; no one knows this better than individuals in charge of cybersecurity trying to sell upper management on some new-and-improved cybersecurity technology. This becomes exponentially more difficult for those defending a small business with “less than deep pockets” and a management team that isn’t sure there’s a problem.
Though not readily accountable, it is a pretty good bet that lack of funds is another reason why cybercriminals are paying more attention to smaller businesses, which made up most of the businesses in the US in 2016 according to the US Census Bureau.
An innovative cybersecurity solution in Maryland
In a time when legislative deadlock seems the norm, Maryland’s State Legislature passed Bill SB228: Cybersecurity Incentive Tax Credit. The law benefits Maryland companies with fewer than 50 employees. “Under the bill, small businesses in the state that purchase their cybersecurity solutions (products or services) from eligible Maryland cybersecurity providers can claim a state income tax credit equal to 50 percent of the cost for the purchase up to a maximum of 50,000 dollars,” according to this Cybersecurity Association of Maryland article.
To obtain the tax credit, a business residing in Maryland must purchase its cybersecurity solutions from a company that meets the following criteria:
- Has its headquarters and base of operations in Maryland;
- Owns cybersecurity technology, is licensed to sell a proprietary cybersecurity product, or provides a cybersecurity service;
- Has less than $5,000,000 in annual revenue; and or is a minority-owned, woman-owned, veteran-owned or service-disabled veteran owned business; or is located in a historically underutilized business zone (HUB zone).
It is a win-win situation for small businesses in Maryland according to Angie Barnett, CEO and president of the Better Business Bureau (BBB) of Greater Maryland, in this Greater Maryland BBB press release. “It was a unique opportunity to pursue measures that support Maryland-based cybersecurity companies, while helping all sectors of the state’s small-business economy,” explains Barnett. “The tax credits make it more affordable for companies to purchase products and services to help protect business continuity and customer data.”