Small business cybersecurity threats have become so common that the average website was attacked 44 times a day in the fourth quarter of 2017, according to a recent research study.
No Target Is Too Small for Cybercriminals
The report’s authors noted that there’s no such thing as an organization that’s “too small to be hacked.” They suggested that attacks against these organizations may be on the rise due to the proliferation of websites built with dynamic, database-driven applications, such as WordPress and Joomla, rather than static HTML. The relatively small number of files used to serve content means that a single vulnerability could create major opportunities for cybercriminals.
In general, WordPress sites using plugins were twice as likely to be compromised as non-CMS sites. In addition, the report illustrated the importance of keeping patches up to date, noting that 55 percent of infected WordPress sites were not running the current, most secure version.
Based on its analysis of more than 6 million websites, SiteLock concluded that small business cybersecurity risks increase as more social media connections, complex themes and other features are added to a website. These high-risk sites are 27 times more likely to be compromised, according to the report.
The nature of those risks are beginning to look a lot like those facing large enterprises: 25 percent of the threats blocked in the fourth quarter of 2017 were distributed denial-of-service (DDoS) attacks.
Shining a Spotlight on Small Business Cybersecurity
SiteLock isn’t alone in trying to raise awareness about small business cybersecurity threats. Verizon’s “2017 Data Breach Investigation Report” revealed that 61 percent of cyberattacks target small businesses. A report from the U.S. Securities and Exchange Commission (SEC), meanwhile, suggested that half of small businesses go out of business within six months of suffering a cybersecurity attack.
A cyberattack can devastate a small business. As small business security threats become more likely, companies need to make sure they are implementing proper security controls.