Updated: Feb 26
Can Your SMB Survive a Cyberattack?
There is a cyber-attack every 39 seconds
There are at least 350,000 instances of new malware detected every day
Cybercrime is more profitable than the global illegal drug trade
Prosecution for cybercrime is 0.05 percent
Cybercrime worth $1.5 trillion per year globally
This article considers business competitors hiring hackers to take down their opponents. It is important for SMBs, a highly targeted group, to take security seriously. If competition doesn’t kill your business, one cyber attack certainly will. If SMBs survive the pandemic, can they survive cyber-attacks?
Killing the Competition
Hostile takeovers are nothing new. They are neither nice nor moral, but they are perfectly legal nonetheless. In July 2020, the CEOs of Apple, Facebook, Google, and Amazon appeared at a congressional antitrust hearing to answer allegations that they use tactics against competitors that prevent a fair market, and that they hold too much market power. It was reported that Amazon offered to buy its number one competitor, diapers.com, but was refused.
So, Amazon did what any corporate giant would and sold diapers at ‘predatory pricing’—well below ROI, taking a $200 million loss—just to drive out the competitor. The diaper company, owned by Quidsi, Inc., succumbed to the acquisition of its entire organization.
It is despicable to me that a huge conglomerate such as Amazon would stoop so low. I remember, however, when Walmart did the same thing to small-town grocery stores across America. Yet, Walmart now supports the prosecution to take down Amazon.
It was a huge campaign to build as many Walmart stores as there are convenience stores, one on every corner if they had to, so they could be the only place people would go shopping for groceries.
Sadly, thousands of small businesses closed permanently, leaving only the empty shells as a reminder of what once was. Walmart now provides 30-70% of groceries; $1 of every $4 spent on groceries is spent at Walmart.
What If Big Corps Hire Hackers?
In 2017, a letter was made public accusing Uber of using a number of cyberattacks on its competitors.
In 2016, a ransomware gang reported they were hired by a Fortune 500 company to hack its competition.
In 2020, a court case found that NAAIP hired a hacker to steal trade secrets from a competitor, Compulife Software.
In 2005, an entrepreneur and a hacker were arrested for sabotaging a competitor.
Hackers have come a long way from the kid in the hoodie breaking into accounts and businesses for fun and anarchy.
Hacking is a full-scale, thriving business. The typical stereotype of a hacker is a lazy, worthless guy who won’t get a job. He spends his days playing video games and his nights stealing from innocent people, such as the elderly and the cyber ignorant, by running scams and stealing passwords.
Nothing could be further from the truth. Hackers today consist of teams, groups, and nations; they are male and female, and are backed by corporations, politicians, and governments. It is a big business that rakes in billions annually. Groups are for hire for ethical and not-so-ethical hacking.
Today, businesses of all sorts are hacked. It is the fastest-growing criminal activity set to cost businesses $5.2 trillion within 5 years. The number of businesses attacked grows exponentially. The actual numbers could be greater because a large percentage of those hacked—businesses and individuals alike—do not report it.
Here is where it gets ugly: small businesses go largely under-protected and often have no cybersecurity protection at all.
Whether this is due to a lack of funding, a lack of insight, or both is unclear; the fact is that 43% of small businesses are targeted for a cyberattack, while only 14% are prepared. Sadly, 60% go out of business after falling victim.
If you put the two together, the picture becomes quite clear: the beneficiary is the competitor. Before we go there, though, let’s look at another point.
The COVID-19 pandemic has not only killed hundreds of thousands of people, it has also killed small businesses. Statistics show that in April 2020, over 20.5 million people lost their jobs, pushing unemployment to 14.7%, the highest since the Great Depression.
It is estimated that nearly 4 million small businesses will be lost by the end of 2020.
While this is sad for all those affected negatively, it is a huge win for their larger competitors. Companies with big money do not just stay afloat but capitalize on the misfortune of others. Less competition means more business for them and you can bet they jumped on this opportunity at the beginning.
Sure, they did their due diligence by announcing what good Samaritans they are by donating to the needy. But do not let naiveté grip your conscience into thinking they did not take advantage of the situation. Big business is big because the leaders understand opportunities and what to do with them. It’s just business—it may not be nice—but it is business.
What Is Normal?
Only a low percentage of small businesses are slowly returning to normal. They were hit hard, and funds are sparse.
Cybersecurity is not high on the list of ‘must-haves’ when the company is struggling to make ends meet. Corners had to be cut, employees are still laid off or let go permanently. How vulnerable is that?
It is no wonder small businesses have become high targets for cyberattacks. By June 2020, 13% of small businesses reported they had been attacked. After the pandemic hit, workers primarily were remote or hybrid, going to the office only if it were necessary to the survival of the business.
Attackers found it easy to gain access to networks via email and by targeting HR personnel. SMBs (small and mid-sized businesses) have less cybersecurity protection, which made them the easiest targets.
Add to that the fact that most home networks have little to no protection beyond anti-virus software, with easy passwords or none at all.
As nefarious as it sounds, hiring hacker teams or individuals to attack an SMB competitor is not a far-fetched notion. Governments do it to other countries, political parties hack opponents, and competitors hack their competition.
There are tales of reasons behind their actions: prevent nuclear war, discover political misconduct, protect a country’s citizens, reveal sinister plans. Call it spying or business as usual; knowing what your ‘enemy’ is doing has been quid pro quo for an awfully long time.
Hacking for Hire
Hacking for hire is no different. Kaspersky Labs states that one can hire a hacker to perform a DDoS attack for anywhere from as little as $7 for five minutes to $30 for a day.
Depending on the target and the level of security, the price can go up to $400 or more per day. That is still a drop in the bucket compared to the costs for the victim.
Imagine what denying service to customers on a Black Friday sales day would cost the top stores like Best Buy, Macy’s, Target, Walmart, and Kohl’s.
It is easy to see how a competitor would benefit from such an attack.
Says Denis Makrushin, Security Researcher at Kaspersky Labs, “That’s why, as long as there are vulnerable servers, computers and IoT devices connected to the Internet, and many companies prefer not to invest in security against DDoS attacks, we can expect the profitability of DDoS attacks to continue growing, along with their complexity and frequency.”
Secure It or Not
Driving a car requires a State Driver’s License and auto insurance. You can drive without either or both, but if you are caught, you will pay the price which is usually in fines and impoundment of the vehicle. You lose twice.
Operating a business without cybersecurity to protect your investments and assets will eventually cost you a great deal of cash and property, and may even ruin your business permanently.
CIA in B2B and B2C
Businesses build their brand by generating trust from their customers. The customer relies on the business to keep their personal information secure as they continue to do business with them. The company sells a quality product, and the customer buys in good faith to get what they paid for and be able to return for more.
This is precisely what the cybersecurity model strives to protect: Confidentiality, Integrity, and Availability. Regardless of the type of business, these things are essential to every company for their business and their customers.
Confidentiality is essential to protect sensitive information, that of the customer and the business itself. Business secrets, designs, concepts, databases, and personal data all come under this category.
In Europe, the General Data Protection Regulation (GDPR) requires companies world-wide to reasonably protect EU residents’ PII (personally identifiable information), which includes any data that can be used to identify a specific individual. It went into effect on May 25, 2018.
Each state in the US has its own policies regarding privacy, and SMBs therefore come under those state regulations specifically.
Integrity is arguably the most important security service in the design of business applications. Integrity guarantees that all data stored and sent has not been tampered with by unauthorized users. Loss of integrity in data can occur through human error, unintended transfers, malware, and attack.
A customer who buys a shovel should get a shovel, not a fork. For business-to-consumer (B2C) sales, this falls under FTC laws on “false advertisement.” Intentional or not, the SMB is the primary fault bearer.
Availability of service is important for business and consumers. If the business operates online and the service is interrupted, it is costly. If files are held for ransom, they are rarely, if ever, ‘released’ once payment is made, so having backups of recorded data is essential.
I once worked in a research and development center that was attacked by ransomware. This company had just over 2000 employees, each with their own devices, mainly phone and laptop. Only one-third of the company was impacted. I do not know if they paid the ransom or not. I do know it took three weeks to recover fully from the attack.
The point I make is that SMBs need to cover these three bases, C-I-A, to guard their investment: confidentiality of business-sensitive information, integrity of data stored and transferred, and availability of resources and systems within the business.
SMBs must take security seriously and be proactive in safeguarding their assets from hackers. Hackers are not caught very often: less than 1% of the time. The likelihood of proving a competitor hired a hacker to take down a company is even lower.
While cybersecurity cannot protect against price wars, it can help protect against cyber-attack and keep the business in business to do business as intended.
Get your business a full assessment by a qualified consultant to guide you in securing your assets and keeping your dream alive. Don’t let anyone steal your investments because you did nothing.
If you are interested in more on cybercrime, check out Steve Morgan at Cybercrime Magazine: https://www.linkedin.com/company/cybercrime-magazine/