Putting Cyber Threats on To-Do Lists at Small Firms

A director of malware research at Dell SecureWorks monitors multiple computer screens in his office in Myrtle Beach, S.C., hunting for Internet spies Photograph by Stephen Morton/Bloomberg

How freaked out should small businesses be about cybercrime? Plenty, according to a flurry of recent warnings from government officials, insurers, and investors, as well as your more traditional alarmists like computer security firms. “Technically speaking, all hell has broken loose,” Bessemer Venture Partners’ David Cowan said yesterday, describing the state of computer hacking during an interview with Bloomberg Television.

In a House subcommittee hearing today about the threat to small businesses, Chris Collins (R-N.Y.) cited studies that found 20 percent of cyberattacks are on companies with fewer than 250 employees, and that 60 percent of small businesses close within six months after a cyberattack. He said recent attacks on behemoths should serve as a wake-up call to small ventures.

Hackers, of course, can turn the same techniques used to compromise such deep-pocketed institutions as Microsoft, Apple, the Federal Reserve, and the U.S. Department of Energy (to name four of the entities Cowan said were targeted in February) on small companies, which often are easier prey. “Unfortunately, SMBs [small and medium-size businesses] are less resilient than larger companies because they have fewer IT resources in terms of personnel, hardware, and software to combat the onslaught of daily cyber threats and attacks that many SMBs encounter on a daily basis,” said Dan Shapero, the founder of digital marketing service ClikCloud, during testimony today.

Insurers have also taken note. Yesterday, Noah Buhayar and Elizabeth Bunn reported for Bloomberg News on the growing market for policies covering small businesses against cybercrime:

“Smaller companies are learning that, as more data is shared online, they, too, can be targets for the kinds of attacks that larger firms endure. American International Group Inc. and Travelers Cos. are among insurers tailoring cybersecurity products to those customers.

“Small and mid-size companies are ‘where we’re going to see some of the most aggressive growth in the next couple of years, because it’s been a part of the market that was ignored,’ said Bob Parisi, network security and privacy practice leader at Marsh Inc., the insurance brokerage of Marsh & McLennan Cos.”

Computer security firm McAfee, meanwhile, says small businesses should be particularly wary of phishing scams this time of year.

“Tax season, Christmas, end of year, when you’re launching a new business—those are the times when small businesses are likely to get targeted,” says Monica Hamilton, who works on small business products for McAfee. “They know that you’re going to be sending financial data, and they’re freakishly good at going after it.”