Small businesses’ inability or failure to deal with their vulnerability to cyber criminals puts them increasingly at risk for online attacks, witnesses told a congressional hearing this month. Part of the problem is innocence or ignorance, and part is small businesses’ overall lack of financial and other resources, the witnesses said.
Fewer small and midsized businesses used software programs last year to make their internet and mobile sites more secure than in 2014, Jamil Jaffer, an adjunct law professor at George Mason University, told the House Small Business Committee, citing an annual Cisco Systems study. Although cyberattacks have been in the news more often, nearly a quarter of small and midsized companies don’t believe they’re significant targets for cybercriminals, Jaffer said.
Small businesses’ tendency to underestimate their vulnerability puts not only their operations at risk, but also those of larger companies to whom they supply goods or services, said Justin Zeefe, co-founder of Nisos Group, a cybersecurity company based in Washington, D.C. Many are also leaving themselves open to cyberattack tools known as ransomware, computer software that in effect seizes a computer’s files. To get their files back, computer users must pay a ransom. However, if users have taken security steps like backing files up with an online security company, they can avoid dealing with the criminals.
Larger companies make cybersecurity a priority, but smaller businesses don’t, Zeefe said.
“Malicious hackers follow the path of least resistance,” he said.
But small companies are also at risk because they’re at an economic and size disadvantage, said Nova Daly, a public policy adviser with the law firm Wiley Rein in Washington, D.C. Large enterprises have more money to spend on protecting their systems than smaller ones, he said. And small businesses may be out of the loop when information about potential attackers is disseminated.
“Often, larger companies have the resources to continually monitor and review threats that may arise from certain technology and supply chains, and at times are contacted by the U.S. government when breaches occur,” Daly said.
