The Right Team can keep Small Businesses Safe from Disaster#

Threat hunting may seem like a process that only large organizations may need. Small businesses may feel they are not a target of cyberattacks so convincing them to invest in routine threat hunting processes may be difficult. According to the Small Business Administration, “88% of small business owners felt their business was vulnerable to a cyber-attack”. Hiscox insurance found that micro firms of less than ten employees “the median cost of all attacks this year [2021] was just over $8,000. But at the 95th percentile and beyond there were firms suffering losses of $308,000. Some encountered still worse outcomes. One German business services firm experienced breaches costing the equivalent of $474,000 per employee.” They also found some firms were attacked multiple times within a single year. Despite these statistics, small business owners continue to operate with the false sense of security that their business is too small to be a target.

The first step in convincing a small business owner to invest in threat hunting is understanding their risks. Cybercriminals are not discriminant when it comes to who they attack and what size businesses they attack. There are a few key reasons why threat hunting is critical for small businesses:

less visibility into their network which makes it difficult to detect an incident
lack of full-time IT support
likely may not have a cybersecurity professional on staff to respond to potential threats
no defined cybersecurity policies or practices

Cybercriminals are constantly changing their tactics, which means organizations need to be continuously on the lookout for why and how they may be targeted for an attack. The attack may not be “targeted” to their specific organization but more opportunistic like some ransomware or phishing campaigns that can greatly impact the finances of a small business.Hiscox insurance found that small businesses are more susceptible to phishing campaigns. Some businesses have closed due to cyberattacks. The Heritage Company shut down and laid off over 300 employees due to a ransomware attack.

Threat hunting can be a difficult and time-consuming endeavor, but the benefits outweigh the costs. By being proactive and identifying potential threats before they happen, small businesses can avoid costly downtime, data breaches, and reputational damage. Forbes reports that small businesses are also least likely to report the cyberattack for fear of legal repercussions, disruption to their business, and fear of damage to their reputation. Visa can leverage up to $100,000 in penalties for not disclosing a data breach of a customer’s credit card information.

If you’re a small business owner, talk to your IT team or security provider about incorporating threat hunting into the process of managing risks. Since threat hunting is also a proactive process, by keeping up with trends in cyberattacks, IT teams can help keep their business, or their small business clients, one step ahead of threat actors by employing basic security controls to mitigate the well-known vectors of attack.

The bottom line is that threat hunting is a critical security measure for small businesses and one that should not be overlooked. With the right team in place, small businesses can avoid costly disasters and keep their data and reputation intact.