If you think your small business is too small to be attacked by cybercriminals, think again. Hackers now run automated, AI-powered cybersecurity attacks that scan the internet for vulnerable systems regardless of company size. Without proper protection in place, you could find your entire business shut down or important data seized by a criminal demanding a ransom.
On this episode of Business Trends Today, we’re joined by Alan Silberberg, CEO of Digijaks Group. Silberberg is also a former White House staffer and cybersecurity expert to the Small Business Administration (SBA), where he helped rewrite the agency’s cybersecurity training program.
Silberberg says small businesses face many of the same cyber risks as large enterprises, but often don’t have the same security in place to protect themselves.
Small businesses, big targets
Many small business owners assume hackers have their sights set on bigger targets, but Silberberg says that thinking is outdated and dangerous.
"It's a numbers game and all they care about is dollars."
Small businesses run many of the same cloud platforms and digital tools as large corporations. That shared infrastructure is exactly what attackers are looking for, he says.
“Most of these companies are using the same sets of tools as the big companies. Maybe they’re configured in different ways, but basically we’re all unfortunately relying on most of the same infrastructure,” Silberberg said.
When hackers scan the internet for vulnerabilities, they don’t filter by company size. A mom-and-pop hardware store using the same software as a Fortune 500 company is just as exposed.
Small businesses also lack the security operations centers that large companies use to catch attacks early. By the time a small company realizes something is wrong it’s often too late.
The AI impact
The cyber threat to small businesses has grown more serious as artificial intelligence gives hackers tools to attack faster and at a larger scale.
Where a hacker might have targeted one or two companies a day in the past, AI-powered automation now allows them to go after hundreds. The way hackers get in is becoming more complex as well. AI tools allow them to fake voices or even create videos to obtain sensitive information, such as logins and passwords.
The dark web has made hiring a hacker cheaper than most business owners realize. Malware is bought and sold online, and some criminal operations even offer customer support.
“Some of these crime syndicates actually have help desks now for their malware. You could pay for malware, insert it, and if you’re trying to hack a bank or whatever, they’ll actually get on the phone with you and help you because they’re making a cut of the profits,” Silberberg said.
The real-world cost of an attack
When a hacker hits a small business, the damage goes beyond the initial attack. Silberberg says operational, financial and reputational costs can add up fast.
Attacks can shut a business down immediately. Hackers may wipe entire systems, deface websites or lock owners out until a ransom is paid. Law firms and medical practices face even higher exposure because their data is more valuable.
“The average cyber attack last year in America cost businesses almost five million dollars to rectify and mitigate, between legal costs, accounting costs, new data, new computers and flushing out the bad guys. And that’s not including ransom costs,” Silberberg said.
Most small businesses make the problem worse by having no response plan in place. Without one, owners are left scrambling for lawyers, IT teams and guidance that larger companies already have on call.
Compliance risks most SMBs overlook
Cybersecurity isn’t just about protecting data. For many businesses, it’s also a legal obligation.
HIPAA, state privacy laws, credit card rules and banking regulations can all apply to smaller companies. Silberberg says many business owners don’t realize they fall under these rules until something goes wrong.
“They think that they’re compliant because they’ve put one piece of it, but they haven’t put the whole architecture in place,” Silberberg said.
Small businesses don’t have to navigate compliance alone. Virtual security operations centers, AI-driven SOC 2 scans and compliance services designed specifically for smaller companies are widely available. Silberberg says a simple internet search can find compliance solutions tailored to businesses of any size.
What business owners need to do now
If there was one thing businesses could do to fight cybercriminals, Silberberg says it’s setting up two-factor authentication.
“I always start with two-factor authentication or multi-factor authentication. If you are locking down every single device and every single software or account that you ever log into for your business, and you’re making all your employees do the same thing, you already have eliminated a big chunk of the problem,” Silberberg said.
Beyond that, he recommends encrypting data at rest. That means any data stored on a device is protected even when the device is not in use.
Keeping software updated is also important. Most updates contain security patches issued in response to newly discovered vulnerabilities.
The biggest mistake, Silberberg says, is waiting to take action. The threat is already here, and it’s not a matter of if, but when your business will be attacked. The key is being prepared before it happens.
“Unless you actually do live in a cave, you are going to be affected in one way or another,” Silberberg said.
For small business owners, the cost of preparation is far lower than the cost of recovery.
Silberberg’s company, Digijaks Group, works with small and midsize businesses on cybersecurity strategy and protection. Visit digijaks.com to learn more.
ASBN, from startup to success, we are your go-to resource for small business news, expert advice, information, and event coverage.
