Are SMBs Facing Organized Cybercrime?

Reading time: 6 min
Share this Share on email Share on twitter Share on linkedin Share on facebook

SMBs growth by far surpasses enterprise growth, last year reaching a compound annual growth rate (CAGR) of 32% when large enterprises explored opportunities to split. Consequently, entrepreneurs have realized that it’s becoming increasingly difficult to build businesses, and that technologies can be easily incorporated.

At the same time, cybercrime is estimated to cost businesses over $2.1 trillion by 2019, a key driver being business infrastructures that become more interconnected. Estimated to exceed $150 million by 2020, the average cost of a data breach is also predicted to increase, especially because professionalism in cybercrime is rising, and point-and-click cybercrime products are being sold to the highest bidder.

Why are SMBs a Ripe Target?

SMBs are all about quickly adopting cloud and technologies for maximum results with minimum costs. To this end, they can boost traffic by using cloud platforms and tapping social media platforms to boost sales. While integrating technologies helps make more sales as early adopting customers usually respond well to changes, cybercriminals often exploit these technologies, which are sometimes improperly tested, to access customer data.

There’s also the use of BYOD, which is usually a Millennial-imposed standard in supporting work-from-home. While large companies have strict policies about bringing your own devices, SMB security policies are usually lax and fully support any type of personal devices as long as employees give 100 percent. Consequently, the balance between security and productivity is always tipped in favor of the latter.

With minimum manpower invested in IT infrastructure or security, SMBs usually focus on driving sales and generating revenue, rather than protecting and securing their customer’s personal or transactional data. Coupled with new and sometimes untested technologies, SMBs usually build great customer experiences, but with security implications rarely in mind.

More than two thirds of the 23 million SMBs in the United States in 2013 contributed almost $7.5 trillion to the economy. This turns them into extremely profitable targets for cybercriminals, as they’re usually not really concerned with security and sometimes deal with large volumes of customers.

What is Organized Cybercrime?

Organized cybercrime is the term used to describe malware developers who sell their services to the highest bidder. The security industry calls it malware-as-a-service, but average users can look at them as outsourcing companies that create custom-built threats for their clients.

With extremely versatile business models and great customer support, organized cybercrime also makes profit by offering malware “starter kits” even to non-tech-savvy customers, offering documentation and free samples to “sweeten” the deal.

One reason it’s organized is that we’re no longer dealing with single rogue malware developers who aim to make a name for themselves by creating some elaborate or destructive piece of malware. Threats nowadays are highly targeted, and the development process usually involves an entire team, starting from a project manager to highly skilled developers who code different modules.

With money at the heart of organized cybercrime, SMBs can be considered likely candidates for attacks as they’re the ones constantly working with valuable data – customer names, credit cards, and other personally identifiable information – and have poor security mechanism in place.

Another aspect of organized crime is that once an SMB is breached and all data is siphoned out, they also have the right underground network for selling the information and turning a profit. Because SMBs also often demonstrate inaction over cyberattacks or data breaches believing that they’re one-time incidents, cybercriminals often return to the same target exploiting the same vulnerabilities.

Can SMBs Do Something About it?

Just like any other challenge, SMBs need to start realizing that they have a problem. Admitting you have security shortcomings is the first step towards doing something about it. While implementing security policies as rigorous as the ones enforced by large organizations might seem difficult and might also require bigger security budgets, it’s an investment that will pay off on the long run.

Making use of protective cybercrime security mechanisms might not only save their business, but also offer customers an extra sense of security when working with SMBs. While growing the business is always a good plan, without proper security mechanisms in place that business will not last long, as cybercriminals can and will cash out for every penny you’ve got.

 continuous sec