2021 Mid-Year Cybercrime Report Highlights Seriousness of Small Business Data Breaches
Sontiq recently analyzed its own data to assess the state of cybercrime in 2021, focusing on the biggest data breaches, trending crimes, and key risks in the first half of the year. One takeaway from the Mid-Year 2021 Cybercrime Report was crystal clear: the data breaches that posed the biggest risk to consumers in 2021 were the result of attacks on small businesses.
Whereas large enterprises were once the main focus of cybercriminals’ attention, small and mid-sized businesses (SMBs) are now a hot target for cyberattacks. As a growing trend, 69% of cyberattacks now target SMBs. These companies are accumulating and storing large amounts of digital customer data, and hackers are quickly capitalizing on the vast new cyber vulnerabilities in the SMB market.
Owners and employees of SMBs are wise to stay current on cybercrime trends and take proactive steps to protect their company and customers.
The Nine Riskiest SMB Data Breaches of 2021
For the mid-year report, Sontiq analyzed publicly reported data breaches in 2021 to determine which posed the most serious risks to consumers using its BreachIQ TM product. BreachIQ is powered by a patented, AI-driven algorithm that analyzes more than 1,300 data points of a data breach. It assesses the risk level of each breach and assigns a 1-10 score, with a score of 10 representing the highest level of risk.
Every top breach in the first half of 2021 impacted small businesses with 300 employees or less. Criminals have taken note of the year’s increased opportunities fueled by the biggest legacy of COVID-19— remote work. This, combined with the proliferation of digital transactions since the start of the pandemic, has made SMB attacks extremely lucrative to threat actors.
Smaller, less-publicized data breaches are becoming increasingly serious. Unfortunately for the victims, the stolen personally identifiable information (PII) from those breaches raises the threat of future cyber fraud. Further complicating matters, these smaller-scale data breaches often fly under the radar, leaving most consumers unaware of the potential danger they face.
The nine data breaches identified by BreachIQ to have compromised the most significant levels of personal information are:
- Colorado Retina Associates, P.C., Denver, CO – BreachIQ Score: 10
- JLA Professional Services, LLC, Aurora, CO – BreachIQ Score: 10
- Light Tower Financial Strategies, Marblehead, MA – BreachIQ Score: 10
- Maine Drilling and Blasting, Suwanee, GA – BreachIQ Score: 10
- Personal Touch Holding Corp., Lake Success, NY – BreachIQ Score: 10
- Phillip Galyen P.C., Bedford, TX – BreachIQ Score: 9
- Astoria Company LLC, Wilmington, DE – BreachIQ Score: 9
- Overseas Services Corporation, West Palm Beach, FL – BreachIQ Score: 9
- Rehoboth McKinley Christian Health Care Services, Gallup, NM – BreachIQ Score: 9
Four Key Steps Every SMB Should Take to Enhance Their Privacy & Security
Most small businesses aren’t well-prepared to deal with cyberattacks, and ramifications for both the company and its customers are serious. The average cost of a small business cybersecurity incident is $120,000 – and that doesn’t include reputational damage and loss of trust by customers. It’s no wonder that approximately 60% of small businesses close in the six months following a cyber incident.
In the face of these startling statistics, here are simple, affordable, and responsible steps small businesses can take today to become better prepared.
- Make sure everyone who accesses company systems is educated on good cybersecurity practices. Employees can unintentionally become gateways for cyberattacks when their personal information is breached. They may not even realize they’ve been the victim of a data breach, but it happens twice a year, on average. Practices should include implementing good password hygiene, using secured internet networks (not public wi-fi), being able to identify phishing scams, and being cautious about social media quizzes or sharing PII on social media.
- Set up two-factor authentication, an easy additional layer of security every small business should implement. Even if a hacker illicitly gains a set of log-in credentials to your system, they will not have access to the second piece of authentication, which can prevent them from gaining entry.
- Start using a defense app that protects and detects vulnerabilities from employee personal devices. This is a common entry point for malicious attacks, with more employees working remotely and using personal devices to connect to company systems.
- Obtain cyber insurance coverage from a knowledgeable provider that understands the specific concerns of small businesses. These plans can include important services such as forensic investigation and cyber incident response, which connects your customers with 24/7 expert help if your business experiences a cyber threat that impacts them.
Bottom line: small businesses can’t afford to wait until the worst happens to take action. For the sake of your business, your employees, and your customers, taking these proactive steps will put you on the path to a better cybersecurity approach.