Member Article

Are cyber criminals getting rich from your business?

Cybercriminals are shifting focus and are now targeting many small businesses. Raj Samani, vice president and chief technical officer for Europe, Middle East and Africa at McAfee, assesses the threat.

We are too small to be the target of cybercrime. This is a recurring message from many small businesses, despite repeated warnings from public and private sector sources that cybercriminals are shifting focus.

A recent report by the Federation of Small Businesses found that ‘cybercrime is costing its 200,000 members a combined £785m a year – or £3,750 for every small business’.

This trend is also being seen across the world; a recent hearing held by the U.S. House Small Business Subcommittee on Health and Technology entitled ‘Protecting Small Businesses Against Emerging and Complex CyberAttacks’referenced a report that found that nearly 60% of small businesses will close within half a year after being victimised by cybercrime.

If we step away from the scary statistics for just one moment, after all that would not apply to your business, right? Well one of the main reasons for the lack of belief is that the sheer effort required to conduct an attack would not generate enough return for the would-be hacker. In other words, the cybercriminal is unlikely to get enough of a Return-On-Investment (ROI) by targeting the small business.

A recent example of a cyber threat targeting a small business is CreditNerds.com, a site that helps consumers repair and improve their credit. The site was infected with malware, and as such, customers were contacting the business because they were receiving warning alerts when accessing the site.

Subsequently, from attracting 10-15 customers per week, the business ended up losing approximately $9,000 in lost revenue. Developing tools to target small businesses have also become considerably inexpensive, and more accessible.

In the recent McAfee White Paper entitled ‘Cybercrime Exposed’, an entire industry of tools and services that allows would-be cyber criminals were outlined. The report presented how using a search engine, anybody could enlist services that could attack a website, or try and ‘hack’ an email address for example without any technical knowledge. Indeed, a DDOS (Distributed Denial-Of-Service) attack only requires the name of the target, and $2 to carry out an attack.

Whilst this may not be a surprise to many, it clearly shows an ROI for targeting small businesses clearly does exist. Moreover, cybercriminals have clearly learnt this, which is why examples such as CreditNerds.com are only one of many victims. Therefore small businesses, much like large enterprises, have to recognise they absolutely have data of value and take measures to address the worrying statistics.

This was posted in Bdaily's Members' News section by McAfee .