How COVID-19 has made small businesses more vulnerable to cyberattacks – Security Magazine

Image from Unsplash
COVID-19 saw an unprecedented number of companies move online for the first time. However, the pandemic also strained budgets, exposed serious gaps in tech skills, and highlighted the fact that many businesses are unprepared to meet the modern demands of cybersecurity.
In pre-pandemic times, data privacy and insurance against cyberattacks were more prominent in high-risk industries like healthcare, finance or information technology (IT), but the boom in online business means that is no longer the case.
Different sectors adapted quickly. Many companies embraced remote work, started e-commerce operations, and transitioned their daily duties online. Unfortunately, in that rush, security was not the top priority for many small businesses trying to stay afloat.
Over the past two years, attacks on small and mid-sized companies have increased by 150%, while also growing in sophistication. Many businesses have not kept pace, and that lack of knowledge has left them vulnerable.
For smaller companies, the problem stems from a lack of assets and expertise. Small and medium-sized businesses usually don’t have dedicated cybersecurity experts to keep their systems secure. In fact, less than 10% of companies with fewer than 50 employees have dedicated financial resources for cybersecurity. 
As a result, developing a secure online presence can be challenging, since it often requires expensive tools and well-trained professionals.
The rise of remote work has also given huge numbers of personal devices (mobiles, tablets and laptops) access to sensitive information. Unfortunately, many employers do not require regular scans of their phones and laptops for malware and other vulnerabilities, if they do at all. Plus, few small businesses can afford to provide access to secure working VPNs or password management software, while home Wi-Fi networks are often prone to attacks.
Simply put, the remote working environment does not offer the level of protection businesses need to operate safely. Cybercriminals commonly look for gaps in data protection with ransomware — threatening to leak private data, or denying access to vital computer files until the ransom is paid.
Recent, high-profile examples include malware like TeslaCrypt or Cryptowall, which encrypts sensitive data and demands payment in crypto currency in return. All of this points to the idea that cyberattacks are becoming more sophisticated. Social engineering, machine learning malware, and other complex attacks became much more common, reaching 35% of all security breaches during the pandemic. 
Since these kinds of attacks require a custom response from security experts, small and medium online businesses quickly became easy targets during the pandemic.
Though the pandemic has come to an end, small and mid-sized businesses are more vulnerable to data breaches now than in 2019 because the same remote-working habits from the lockdown remain in practice to this day. The expanded use of unsecured networks and cloud solutions leaves more room for malicious attacks. If the current pace continues, it is predicted that small businesses could be attacked between 56,000 and 86,000 times in 2022.
When the pandemic hit, companies of all sizes focused on survival. So, it is natural that among small and medium sized businesses, employee computer literacy and online safety training were not prioritized. In fact, cybersecurity ranks among the lowest priorities for small businesses even as we move out of the pandemic.
Lost customers is one thing, but the potential damages of a cyberattack could bankrupt a small business. Hefty payouts, lawsuits and criminal investigations are all common outcomes too. So, the best prevention is to work to bolster cybersecurity before an attack occurs.
No matter the size of the company, cybersecurity and data privacy are two of the most pressing issues faced by every business today. The difference is that large businesses and enterprises will almost always have the assets to weather the storm.
It’s no surprise that small and mid-sized businesses were hit the hardest during the pandemic, and the ones that did make it through are now facing a renewed threat to their operational survival in cybersecurity.
As small and midsize businesses grow, they become an increasingly valuable target for cybercrime. Now is the time to invest in cybersecurity to protect small businesses and user data.
Subscribe to Security Magazine
Egidijus Navardauskas is the Head of Cyber Security at Hostinger. With over a decade of experience in information technology and security, Navardauskas currently oversees company-wide security practices and controls. Navardauskas’ main competencies include risk management, security awareness, incident response, vulnerability management, developing and implementing security strategies, policies and tools to keep organizations as safe as possible from threats to their network, systems, client data and other digital resources.
You must have JavaScript enabled to enjoy a limited number of articles over the next 30 days.
Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company. Interested in participating in our Sponsored Content section? Contact your local rep.
SEC shooter detection webinar
As America begins to put the COVID-19 pandemic behind it and return to normal, what effects will this have on the security industry? 
Using cybersecurity metrics can prove your value as a function, but where do you start?
 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 
Copyright ©2022. All Rights Reserved BNP Media.
Design, CMS, Hosting & Web Development :: ePublishing

source

Leave a Comment