Cyber-attacks on small businesses are repelling customers and costing a fortune, leaving owners with tough choices on how to strengthen their online defenses against increasingly common security breaches.
According to a Neustar study, 70 percent of surveyed businesses experienced prolonged distributed denial of service, or DDoS, attacks that drove away countless customers and millions of dollars in potential revenue.
Over five hundred IT professionals admitted their greatest fear is the customer backlash and heavy cost of distributed denial of service attacks. DDoS attacks overload servers with requests, overwhelming websites in a heavy flow of traffic.
Retailers worried about hacking the most, as such attacks cost an average of $100,000 per hour.
“This is a significant amount of money,” observed Ted Swearingen, director of the Neustar Security Operations Center. “People don’t realize there are a lot of other costs associated with DDoS, such as brand damage.”
Neustar’s study suggests if large firms suffer monetarily from cyber-attacks, small businesses have an even harder time handling increased security breaches.
For instance, Sony stands out as a significantly damaged brand, following a string of Anonymous DDoS hacks from April until October 2011. The attacks cost millions in cleanup and forced the company to compensate disgruntled users for failing to protect their data.
The Japanese company was big enough to stay afloat following this disaster, but most small entrepreneurs would have sunk in its wake. And in this case Anonymous hackers didn’t even aim to steal from Sony’s financial centers, preferring instead to humiliate the electronics maker by publicizing user information.
“While Anonymous has been getting a lot of headlines, our data tells us that most of these attacks are happening for the old-school reasons of why you’d want to knock out a site: financial gain and competitive advantage,” said Swearingen.
Small businesses are just as vulnerable as big corporations to financially motivated DDoS attacks: the payout is lower, but the threat of retaliation is much slimmer. And financially motivated attacks are increasingly common, as Swearingen states.
“You have a one in three chance of a DDoS attack. It is something that IT teams and companies need to prepare for,” he warns.
But under five percent of participants in Neustar’s study have any protection against DDoS attacks, using only firewalls and rudimentary software to discourage hackers.
Further, many businesses use generic passwords like “password1” and “1234” to shield sensitive data rather than switching to complicated, unhackable codes.
Cyber-insurance, sold by firms like Travelers Companies and Chubb, also offers a refuge to both small and large businesses seeking protection against cyber-criminals. Still, this method is only partially helpful, as it may not cover certain claims like civil lawsuits.
New government regulations may also soon enable small businesses to collaborate with the National Security Administration in warding off cyber-criminals. But civil rights advocates say these bills violate the First Amendment and may eliminate more liberties than they grant.
With the number of cyber-hacks on the rise, small companies will need to set aside finances for comprehensive preparations to fortify their electronic defenses to avoid Sony’s fate. However, they will also need to weigh whether the investment will be money well-spent, or if any company can really be protected against the ever-increasing — and more aggressive — number of cyber-attacks.