In other cases, cybercriminals may attack small businesses in order to access larger companies they do business with, Kaiser said. When hackers gained access to Target in 2013, for example, they did so through the company’s HVAC vendor, Kaiser said.
Nearly 90 percent of businesses reported having put in place some cybersecurity protection, according to the BBB. The most common preventative measures taken were using antivirus protection, which 81 percent of small businesses reported using, and using a firewall.
Although small business may lack the resources and sophistication of larger companies in fending off attacks, that doesn’t mean consumers are necessarily safer when they do business with large firms.
“Equifax is a perfect example of a large sophisticated business, which actually has a significant cybersecurity budget, and yet they were not able to protect themselves,” said Adam Bobrow, chief executive officer of Foresight Resilience Strategies. “You can’t use a company’s size as an indicator of whether it’s going to be cybersecure.”
And small businesses aren’t the only companies facing challenges in recognizing when they have been attacked. On average, companies around the world take 146 days to detect a cyberattack, according to a 2017 report by FireEye and Marsh & McLennan Companies.
Small businesses looking to boost security measures can start with free or low-cost fixes such as updating computers, initiating multifactor authentication for email accounts and providing employees with additional training, Kaiser said.