We hear about cyber attacks and data breaches on the news every day. However, the most publicized are usually the biggest and the baddest of the cyber crimes. We all hear about it when companies like Uber, Apple, Amazon or the Canadian banks get hacked. If you are running a small business, beware; you are indeed a potential target.
As a show of how powerful these hackers can become with these attacks: Uber actually kept the data breach a secret for more than a year after it occurred. They even ended up paying a $100 000 USD ransom to the hackers, according to the New York Times.
This is simply, and unfortunately, not true at all. There are many reasons for them to target small businesses. In fact, hackers perform cyber attacks on small businesses quite often- studies show that over 60% of cyber attacks are on small businesses.
Since small businesses don’t usually have the capital or funding required to keep up with security, they are the most vulnerable of all. In fact, over 60% of small to mid-sized businesses will fail within 6 months of experiencing a cyber attack, according to the National Cyber Security Alliance. They also found that more than 60% of cyber attacks deliberately target small businesses, and nearly half of all small businesses have already experienced a cyber attack.
Ginni Rometty, Chairperson, President and CEO of IBM stated:
“…cybercrime, by definition, is the greatest threat to every profession, every industry, every company in the world.”
When hackers obtain credit card information, the owner of the card generally cancels the service very soon. Credit card companies and banks are doing more to help their customers monitor their credit accounts, however this is not where the threat ends. Aside from credit card information, scam artists can find ways to obtain other sensitive information. By getting their hands on other details, such as full names, home addresses, email addresses, and of course, social media profiles- these hackers make identity theft a very possible threat.
Since most hackers are opportunists who don’t want to take any unnecessary risks, smaller organizations are the perfect target because they don’t take security seriously enough.
Privacy laws have been changing drastically over the past decade. With the acceleration of technological development, and the sheer number of people online, the laws needed to adjust to stay relevant. Canadian companies have to publicly disclose any data breaches. The Personal Information Protection and Electronic Documents Act, or PIPEDA, has been adjusted, and now (as of November 1st, 2018) requires a certain level of response to data breaches, including enhanced record-keeping, reporting and notification.
Although this is a good step in the right direction for consumers, this could severely damage the reputation of a business. Small businesses are likely to go out of business within 6 months, if the data breach is bad enough. It can take consumers years to recover from identity theft; after this type of breach, they will not feel so comfortable with the company. It can take years for a small business to recover from a data breach…if they ever recover at all. Firms that operate unprotected face huge potential risks, and will inevitably face increasing data breach-related costs.
Canadian businesses are lacking when it comes to keeping up with the pace of technology. Cyber crime is everywhere, and progressing at lightning speed. In the meantime, Canadian companies are very slowly becoming aware of the risks. There are only 3 countries in the world that have been attacked more than Canada: USA, Germany and the UK- in that order. Hackers are not necessarily the imagined, rogue-like, technical geniuses from the movies. They range from nation states to organized crime. They could be terrorist groups, journalists, disaffected current/ former employees, amateurs- just about anyone!