Small business increasingly a cyber thug’s target.
As we start 2022, we need to take stock of 2021 and how the cybersecurity events of this year will affect the new year for small businesses. The year 2021 has been eventful for cybersecurity. There are three small business cybersecurity trends to watch.
Let’s do a quick review. The year 2021 was when data breaches went mainstream, covered on both national and local news. These breaches affected all of us in one way or another, from not being able to buy gas to an increased likelihood of identity theft.
For example, the year started with one of the biggest American insurance companies, CNA Financial, having its systems ransomed. Then Colonial Pipeline, which provides the East Coast with gas, shut down due to a ransomware attack, causing gas shortages. Soon after the Colonial Pipeline attack, the largest food processor, JBS USA, stopped production thanks to a ransomware attack. Soon afterward, Kaseya, which provides managed service providers with IT management tools, was hit with a ransomware attack that filtered from them to managed service providers to their customers, affecting many small businesses. Then, in the fall, T-Mobile and AT&T suffered data breaches involving their customer data, including that of many small business owners. And most recently, the domain and hosting giant GoDaddy sustained a data breach.
The 2021 statistics aren’t complete yet, but 2020 data painted a grim picture:
- There was a 40% surge in global ransomware.
- Phishing was the most reported internet crime to the FBI.
- 47% of cybercrime victims lose money.
- Business email compromise accounted for losses of $1,866,642,107.
- Recovering from a cyberattack takes an average of 6.7 hours, which globally equals an estimated 2.7 billion hours lost in total.
Small Businesses are the Easy Target
While all of these big cyberattacks were happening, millions of small businesses were victims of cybercriminals at the same time, with devastating effects.
Tom Hickman, Chief Product Officer, ThreatX, shared that he believes that in 2022 the targets will change: criminals will begin to pay more attention to smaller organizations, demanding much smaller ransoms such as $2,000, which enables attackers to avoid encounters with law enforcement and the risk of going to jail.
I agree with him. This change of tactic will hurt small businesses considerably and hamper law enforcement. Small organizations are the low-hanging fruit without the security teams, lawyers, and access to large amounts of cash. And with the cyber thugs asking for smaller liquid amounts, they will get away with it.
View Ahead for 2022
As we switch from 2021 to 2022, let’s look at three small business cybersecurity trends we need to be aware of in the new year for small businesses:
Ransomware. It is not going away since it is easy money for cybercriminals. According to 2020 data, the U.S. saw 145.2 million ransomware hits that year, a 139% increase over 2019. I see ransomware continuing to be a considerable threat to small businesses, but with the added danger of triple extortion. That’s where the criminals not only ransom the small business but also contact its customers and third parties, demanding payment or their information will be released.
Insurance. Cyber insurance policies are changing as the market matures. As a result, the finer details regarding what one policy may cover can differ from another, depending on several factors. In addition, given the rapidly changing landscape of cyber attacks, the insurance market is in flux, and insurers are now requiring more from their customers regarding their cyber hygiene practices. For example, in 2021, Lloyd’s of London adjusted their policies not to pay ransoms anymore. This development could signal significant changes in the insurance industry.
Legislative. As cyberattacks start to affect millions of people in every walk of life regularly, there will be increased scrutiny around ransomware resulting in more action by governments. For example, it is already illegal to pay cyber ransoms; however, look for more comprehensive legislation to be proposed and passed in 2022. Another area to watch is data protection legislation. Many states are following California and New York, creating state-specific data protection acts. Finally, small businesses need to be aware of how legislation affects their ability to conduct business as small local businesses compete nationally and globally.
The takeaway from these small business cybersecurity trends for 2022 is that cybersecurity needs to be a priority, with solid cyber hygiene and preparation essential to mitigating the expanding threats.
Need help in getting started? Let’s talk.