While checking email, an employee of a small online retailer clicked a link, thinking it led to a popular shopping site. Instead, the entire company’s system became infected with Crytowall malware.
Hackers now had access to customer accounts with information like credit card numbers and social security numbers, as well as names and addresses—everything needed to steal identities.
Soon the retailer received a demand for $50,000 in ransom money. If the company paid, it would receive a decryption key to unlock its system. Management couldn’t figure any other way around the attack, so the ransom was paid. Then the key didn’t work. Eventually, this online business was forced to close because the owner couldn’t afford to rebuild his entire network system.
Know the Risks
Sixty percent of small businesses that experience a cyberattack close their doors after six months, reports the U.S. National Cyber Security Alliance. The cost for repair and recovery from an attack averages $690,000 for small companies and $1 million for medium-sized businesses, according to the Ponemon Institute.
Before a repair can be completed, much can be lost. Orders aren’t shipped, customers relying on product can’t wait and look elsewhere, and business is at a standstill. Cyber-attacks are a costly setback whether or not a company pays ransom.
“You’re never going to recapture that revenue,” states Andy Takacs, chief technology officer at Zumasys in Irvine, CA. “Maybe you’ll get the business back eventually, but you’ll never recover the business you lost because of the security breach.”
Owners and managers who think this will never happen to them—perhaps because their company is too small—should know hackers consider such businesses their best targets because many don’t have adequate or expensive security protection.
This is why it’s so important to have the necessary protections in place to prevent system breaches and reduce exposure, whether intentional or otherwise. It’s not a question of if it will happen, but when, according to Tom LaMantia, managing director and cofounder of Magenium Solutions in Glen Ellyn, IL, near Chicago.
Staying in Control
There are a number of safeguards businesses can take to make themselves less attractive to hackers or anyone intent on doing harm. Options include hiring a consultant who specializes in risk assessment or buying cyber security insurance coverage.