Many small business owners think they’re unlikely targets for hackers but, unfortunately, this isn’t the case. According to Verizon’s 2020 Data Breach Investigations Report, 43 percent of cyberattacks are targeted at small businesses yet only 14 percent have put in place the necessary security measures. Research also shows that nearly one in five (18.5 percent) small businesses have been a victim to data breaches or cyberattacks. And according to the National Security Alliance, 60 percent of small businesses close shop within size months of experiencing a cyberattack.
A cyberattack or data breach can impact a small business in many ways: damage or loss of electronic data, loss of income, extortion losses, network security and private lawsuits, damage to your company’s reputation, and much more. Even the smallest cyber attack can be costly, destructive, and time-consuming. A 2019 report by insurance carrier Hiscox reveals that cyberattacks and data breaches cost businesses of all sizes $200,000 on average.
As a small business owner, you need to realize that you’re an ideal target for cybercriminals and take the necessary security measures to protect your assets and data. You need a reliable identity verification service, security training, anti-malware software, and so much more. Being a victim of a cyberattack is not a matter of “if” but “when.” And implementing a security monitoring policy, a password policy, and an incident response plan can help improve your cybersecurity. With that being said, here are small businesses that fell victim to data breaches and why you should care about cyberattacks.
Lifestyle Forms & Display Inc.
In May 2012, Lifestyle Forms & Displays Inc., a Brooklyn-based mannequin maker and importer fell victim to a cyberattack that saw them lose more than $1.2 million within a few hours through online transactions. According to the Wall Street Journal, the company noticed signs of trouble when the head of finances kept receiving error messages whenever he tried logging in to the company’s bank account to process payment for a foreign vendor.
The company’s tech team launched investigations and found their systems had been compromised. Cybercriminals had gained access to the company’s banking information through a virus that their antivirus program couldn’t detect. Owner Lloyd Keilson reported that the company was able to recover $800,000 within a couple of days. The remaining $200,000 couldn’t be recovered.
In this case, cybercriminals exploited vulnerabilities in the company’s computer networks, stealing $1.2 million from a 100-employee company in NYC. Unless you can afford to manage this kind of loss, it’s important that you implement stronger cybersecurity measures for your small business.
Efficient Services Escrow Group
In 2012, California-based Efficient Services Escrow Group had $1.5 million siphoned from its bank accounts by cybercriminals. It’s interesting that the cyber-heist, which began in December 2012, remained unnoticed until sometime in February 2013. Cybercriminals infected the escrow firm’s computer networks with a trojan, initiating three wire transfers to accounts in Russia and China. The first attack happened in December 2012 and involved a wire transfer of $432,215 to a bank account in Moscow. A month later, a total of $1.1 million was wired to accounts in China, in two transfers.
While the wire transfer ($432,215) to the account in Russia was retrieved, the two-wire transfers to China ($1.1 million) remain unaccounted for. The California escrow firm was forced to close down and lay off its entire staff after the attack. Of course, there are questions as to who, between the bank and the escrow firm, should bear responsibility for the account takeover attack. However, it’s clear the firm lost over 1 million dollars and had to go out of business.
City Newsstand-Chicago Inc.
In 2010, Chicago-based City Newsstand, Inc. fell victim to a targeted cyberattack that cost the company about $22,000. Cybercriminals visited two magazine stores owned by the Chicago Company and installed a malicious program on the independent store’s cash registers. The software program sent customer credit-card numbers to a server in Russia without anyone noticing.
The owner Joe Angelastri was forced to hire a cybersecurity team to rebuild his store’s network from the ground. Also, his company’s reputation was damaged as customers became reluctant to use their credit cards with them afterward. He also had to pay thousands of dollars in banking fees after Mastercard demanded an investigation at the company’s expense. The cyberattack cost Angelastri roughly half of his total annual profit.
In 2015, during the holiday season, a 7-employee California-based toy company was attacked by ransomware which encrypted the company’s files, rendering them unusable. The hackers demanded a hefty ransom payment to make the business’s data usable again but Rokenbok didn’t pay anything. The California company chose to restructure their core systems and everything was back to normal four days later.
While Rokenbok didn’t go out of business following the attack, it lost thousands of dollars in missed sales within those four days of downtime. It’s also worth noting that this cyber attack wasn’t the first as the company had fallen victim to a denial-of-service attack earlier that year. Many Small businesses aren’t as fortunate as Rokenbok, and always end up closing down after such cyberattacks.
In June 2014, a code hosting and software collaboration service, Code Spaces fell victim to a cyberattack that forced the company to shut down. An unidentified hacker gained access to the company’s Amazon Elastic Compute Cloud control panel and erased crucial data, machine configurations, and backups. The hackers left a Hotmail address for Code Spaces to contact them before they attempted to extort the business.
The company was asked to pay a “large” fee so that the problem can be resolved. Code Spaces took action to regain control but the damage was already done. Within 12 hours, the code hosting service platform went from a viable small business to complete devastation.
Michael Zhou is a Senior VP of Business Intelligence Development and has assisted the Fortune 1000 company with expertise in the web as a whole, including ground-zero marketing efforts that benefit both consumer and vendor. He is also contributor on Esprittoday.