We hear from many small organizations that believe they are too small to be affected by cybercriminals and data breaches.  The unfortunate reality is that over 60% of cyber-attacks are against small organizations directly, and even the massive breaches that you hear about in the news can have devastating effects on SMBs even if they weren’t attacked directly. 

How often have you signed up for a seminar online using your work email address? And be honest, have you ever used a version of that same password pattern that you use for your windows login on other accounts that you have created?  If this scenario can describe you or any one of your employees, your organization can be greatly affected when a large breaches occurs.

Here’s how…

In one of the most recent enterprise data breaches, Marriott’s compromise affected 327 million people. The exposed information included names, phone numbers, email addresses, passport numbers and dates of birth. Some even had exposed credit card numbers and card expiration dates. If you or one of your employees travels for business and happened to stay at a Starwood or Marriott owned hotel within the past four years, your business data may be at risk. 

Have you heard about the 2012 LinkedIn data breach? Six years ago, a hacker stole 6.5 million encrypted passwords from the site and posted them to a Russian crime forum. Ripple effects from that breach are still happening. To this day, the email and password combinations are being sold on a dark web marketplace. If you or your employees are utilizing the same email address, password, or a version of the password pattern, your business credentials may be for sale on the dark web.

The effects on SMBs…

Studies from the Ponemon Institute show that if a third party causes the breach, costs increase by more than $13 per compromised record with an adjusted average cost of $161 per record. At an SMB scale, if you have 500 compromised records, you could incur costs over $80,000. This amount doesn’t even include the costs incurred from reputation damage. While large organizations can hire high powered PR firms to help mitigate damage, small organizations are impacted at a much greater scale. Most small organizations may live by referrals and trust therefore, the resulting reputation damage can end an SMB. As a result, the risk of a single data breach is 63% higher for SMBs than it is for a larger organization with over 1,000 employees. 

Cybercriminals are smart.  They have figured out ways to monetize many different size and style of breaches and attacks.  From stealing large data sets at places like Marriott, to combining small data sets from many different SMBs that they gained access through a 3rd party breach, they figure out a way to achieve their goals and profit from other organizations’ losses.  Ultimately, no one is exempt from cyber attacks. Whether you are facing side effects from a large scale breach or controlling the aftermath of an internal breach, the end goal remains the same. You must protect your data and minimize damage as efficiently and effectively as possible.

Your next steps…

If you think your credentials may be affected by an enterprise scale data breach, click here to request a dark web search for your company domain. If you are interested in understanding what other types of vulnerabilities your organization may have, click here to request a security study which can give you a more birds eye view of your organization security posture as it related to the NIST Cybersecurity Framework.