Rising Ransomware Attacks: How to Protect Your Small Business
An estimated half to three-quarters of ransomware attacks target small and medium-sized businesses.
These numbers are alarming given that 60 percent of small businesses aren't prepared to handle a cyber attack because they don't think they'll become a victim, according to Secretary of Homeland Security Alejandro N. Mayorkas during a webinar hosted in May by the U.S. Chamber of Commerce.
Mayorkas shared that the overall rate of such attacks increased by more than 300 percent compared to the year prior.
“Small businesses comprise the backbone of our nation's economy, and it is perhaps for that very reason that individuals who seek to pose a threat to our nation — who employ cyber tools (like) ransomware as the vehicle for realizing that threat — target small businesses as extensively as they do,” Mayorkas said.
(Ransomware is malware that aims to encrypt files on a device, making those files, and any systems that rely on them, unusable. It is essentially a hostage situation: hackers demand that businesses pay a ransom if they want their information or data returned.)
Businesses Forced to Adapt Quickly; Now Vulnerable
Small businesses have had to adapt quickly, rushing to change their operations to accommodate the current environment, such as turning to remote work and expanding their e-commerce abilities. As a result, their likelihood of experiencing cybercrimes such as ransomware and phishing attacks has increased.
Hiscox, an international insurance provider, released a report in May that stated that nearly a quarter of small businesses experienced a cyber attack at least once over the past year – accumulating an average annual cost of about $25,000.
"With 63% of the small business workforce now working remotely, over half (53%) of U.S. small businesses believe they are more vulnerable to cyber attacks," according to Hiscox's Cyber Readiness Report 2021.
That number trended higher in a U.S. Small Business Administration (SBA) survey, where 88 percent of small business owners thought they were vulnerable to a cyber attack. On top of feeling helpless, small businesses lack the funds and I.T. resources to devote to securing their data and networks.
Some Small Businesses Remain Skeptical
Even with the uptick in ransomware and phishing reports, many small businesses remain skeptical of the likelihood of a cyber attack. Unfortunately, it is precisely because they're so small that they appeal to hackers.
"Small businesses are attractive targets because they have information that cybercriminals want, and they typically lack the security infrastructure of larger businesses," according to the SBA's site.
More than 40 percent of all fraud and breach reports involve small to medium-sized businesses, according to Verizon's Data Breach Investigations Report.
The report cites the following reasons as to why small businesses are attractive targets for cybercriminals:
- It's easier to identify security weaknesses in their network.
- The payoff is substantial as it likely results in ransom payments, stolen credit card information, or bank account numbers, enabling hackers to funnel cash quickly.
- Large corporations and government agencies pose an increased risk to attackers, as they invest millions of dollars in sophisticated technological defenses.
“SMEs face most of the same threats,” the report states. “However, most SMEs don't have the means to make anywhere near the investment required to implement comprehensive protection, leaving significant risk uncovered.”
Protecting Your Business from Ransomware Attacks
The steep rise in cybercrimes, particularly ransomware attacks, has made it clear why cyber readiness is critical.
According to the U.S. Cybersecurity & Infrastructure Security Agency's Ransomware Guide, best practices that may help manage the risk from a ransomware or phishing attack include:
- Frequent Data Backups. Remember to maintain encrypted backups of your data offline and test regularly. The critical aspect of keeping and preserving backups offline is that it reduces the chances of a ransomware variant zeroing in and deleting accessible backups. If you maintain offline backups that are current, then there's no need to succumb to hackers' ransom demands.
- Create a plan. Develop and maintain a "basic cyber incident response plan" that outlines communications, including the response and notification processes following an incident. Check out this Ransomware Response Checklist within the guide to ensure you're covering all your bases.
- Implement a training program. A cybersecurity awareness and training program that incorporates guidance on identifying and reporting suspicious activities will help small businesses strengthen their defenses against phishing attacks.