If you think that small businesses are not an enticing enough target to breach, think again. While the media has certainly upped it's coverage over the last couple years pertaining to data loss, many of the headlines involved global brands and tens of thousands records...not the corner deli, the mom/pop shop or the new start up. Yet a couple of recent reports show that small businesses and start-ups are prime targets for data loss.
The annual, chuck full of stats, Verizon Data Breach Report noted that of the 621 confirmed data breaches, almost half happened at companies with less than 1000 employees and almost 200 at companies with less than 100 employees. A Symantec report echoed the finding. In theirs, small businesses with less than 250 employees accounted for 31% of the attacks in 2012, up 18% from 2011. Symantec also notes that start-ups are especially vulnerable in the early going.
Why are these groups targets?
They have valuable data - intellectual property, financial information, digital identities - but may not have the resources to properly protect that data. Many large, global companies have beefed up their security in fear of becoming the next headline in a major newspaper. Thieves usually go after the easiest target - those with limited resources to protect against such an attack. Thieves may also infiltrate a smaller organization to jump on a global network if a partnership is in place. Take out the villages before entering the capital. In a start-up's situation, as they quickly launch, employees may be enticed to click a malicious link in an email...which then spreads. Most startups get infected with malware within the first year.