Why would a cyber hacker waste his time with my small business?

Image by Michael Giuffrida for Computer securityWhile small and mediums sized business cyber attacks are on the rise, there are still many business owners who can’t understand why a hacker would even bother with their small business.  There are a few reasons we will explore which should make it clear that not only are SMBs in the cross-hairs of threat actors but they are the MOST LIKELY target.

  1. To begin, hackers are inherently lazy.  They want to find the fastest way to make the most amount of money with the least amount of effort.  There is a reason that the phrase “stealing candy from a baby” exists.  Babies have little to no defenses, so the crime would be much easier than stealing from a Navy Seal, right?  Unfortunately, small and medium sized businesses are the babies of cyber defenses in the commercial world.  Managed cyber security providers have focused on the larger companies which have made it difficult for smaller organization to obtain or even afford the proper layers of defense.
  2. When an attack happens, it will usually take a smaller organization  longer to detect it as traditionally they do not have as many tools for monitoring and detecting attacks, even if they do have some tools for preventing them.  This allows a hacker to spread their malicious code throughout the entire network before anyone notices.  If they then launch a ransomware attack and ask for ransom per workstation, it could add up very quickly.
  3. Statistics show that many small businesses go out of business after a major attack.  Because of this, smaller organizations are likely to simply roll over and pay ransom without putting up much of a fight just to get on with business.  A 2-4 week business interruption in a small organization could mean ultimate demise.
  4. While smaller organizations likely have less data than large corporate entities if it is easy enough to get in and take it, as we have discussed above, all they need to do is steal from many small organizations and aggregate the data for sale on the dark web.  This is less work and just as lucrative as stealing a single large data set.

These reasons make it critical for SMBs to make sure that they use  a layered approach to cyber security making it more difficult for a hacker to achieve their goal.  If you can dissuade them a little, they will move on to easier targets.


Michael Giuffrida from Southington CT has been operating businesses since 1997.  He is an experienced entrepreneur in business management, profitable growth, business valuation, mergers and acquisitions, and information technology managed services.

Leave a Reply

Your email address will not be published. Required fields are marked *

*