Noted security company Acronis recently released its mid-year 2022 report on cyber security, and to say that their findings are sobering would be an understatement. Let me hit you with some stats. First off: damage caused by cyberattacks is expected to reach $30 billion by 2023, and to give you some perspective, this is nearly half the size of the global video streaming industry (aka YouTube, Netflix, etc.), which was valued at nearly $60 billion in 2021. Here’s another one: the FBI is attributing $2.4 billion in losses in 2021 to hacks that originated from what’s known as a “Business Email Compromise” or BEC.
What this means for you
The BEC, also known as “someone stole my email password and is pretending to be me,” is crazy prevalent in the small business world, primarily because email services are often self-managed by the organization, and as we’ve said in the past, just because it’s easy to set up does not mean that it’s easy to keep it secure. “No big deal, right? I can just change my password and get them out of it.” Unfortunately for you, while the hacker was in your account, they may have used this access to fire off an email to your accountant to wire payment to a fake vendor that just completed a non-existent six-figure project for you. BECs are meant to go unnoticed while the hacker combs your account for opportunities, including the chance to use your email address to trick other people into BECs, and so on and so forth. Just because you are “small” as compared to the big boys getting hacked doesn’t mean you aren’t connected through maybe as few as 3 or 4 degrees of email separation to just about everyone in the world.
You may be thinking that your organization isn’t worth a hacker’s time to attack for a variety of reasons (size, obscurity, industry relevance, etc.), but you are valuing time from a business owner’s perspective, which isn’t how they operate when it comes to phishing. Most of the phishing emails everyone sees on a daily basis aren’t targeted – don’t think of phishers as the lonely angler on the shore looking to land a single fish. They are casting huge nets from automated fleets of phishing bo(a)ts, and then processing the piles of stolen passwords via automated algorithms that access your mail, scan the contents and then flag a human hit squad when certain valuable keywords are found. You may “just” be a doggy daycare center in San Fernando Valley, but one of your clients happens to be a B-list celebrity that might fall for a scam if it comes from their precious pooch’s dog sitter.
Long story short – your email account and your business are worth protecting – don’t underbudget security just because you think you aren’t worth the attention. You are, and you will get attacked; it’s only a matter of time for all of us.