Attacks on companies like Sony and Lockheed Martin and Citi Group get the bulk of the press. But just because global corporations are making the headlines doesn't mean that smaller businesses are immune to outside threats.
Small companies get attacked, too, an article from The Wall Street Journal highlighted. The article, interviewing a small business owner whose payment system was hacked, stated:
[The business owner's] experience highlights a growing threat to small businesses. Hackers are expanding their sights beyond multinationals to include any business that stores data in electronic form. Small companies, which are making the leap to computerized systems and digital records, have now become hackers' main target.
A few months ago, the FBI warned small businesses about phishing attacks that were geared toward small businesses and were focused on financials.https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
Why would hackers focus on small businesses?
Because most small businesses have limited technology and security budgets and may not even have a security person on staff. Instead, some use a third-party contractor to come in and take care of things when needed. And small businesses have financial transactions and sensitive data to store. As the WSJ article pointed out:
In 2010, the U.S. Secret Service and Verizon Communications Inc.'s forensic analysis unit, which investigates attacks, responded to a combined 761 data breaches, up from 141 in 2009. Of those, 482, or 63%, were at companies with 100 employees or fewer. Visa Inc. estimates about 95% of the credit-card data breaches it discovers are on its smallest business customers.
The technology is out there to protect business information, but according to an article at Knowledge@Wharton, information in cyberspace is still going to get hacked:
The bad guys aren't successful because organizations don't have the technology. It's really about using, deploying and configuring the basic things we've been doing for years. ... [S]ecurity analysts should devote more time to following up on their efforts in order to get a better sense of what actually works.