Phishing for Sardines

Recent trends indicate that cyberattackers are increasingly targeting small, startup businesses as larger companies have ramped up IT defenses in recent years. According to a report by cybersecurity firm, Symantec, “cyberattacks on small businesses with fewer than 250 employees represented 31% of all attacks in 2012, up from 18% in the prior year” (Link 1). As soon as a business sets up its website and email domain, cyberattacks are triggered almost immediately. In fact, by the time a business is five months old, it has already been targeted by hundreds of spam phishing messages and Malware attacks and, within ten months, most companies will have been infected with Malware. (Link 2). Hackers will also use attacks known as Ransomware, where an attackers locks up company computers and networks demanding a ransom to stop the attacks. Computers are not the only targets of these attacks, however. With the proliferation of smart phones and mobile devices in the business world, many attackers are now using malicious software to infiltrate these mobile devices in order to steal valuable information. Verizon’s RISK team has indicated that this trend of increasing attacks on small startup companies has been relatively consistent over the past six years (Link 1).

Larger corporations have the time and resources to devote to IT security that small businesses and startups just don’t have. Startup businesses in particular have enough concerns related to gaining market share and generally keeping their doors open and generally can’t devote enough resources to IT security. Further, despite the statistics, many small business owners falsely believe they are boring targets for cyberattackers due to their size. However, small businesses can be extremely lucrative and easy targets for these types of attacks. Most often, cyberattackers are after customer credit card numbers, contact information, intellectual property, or money from company bank accounts that are specific to the individual target company (Link 2). However, many hackers target small firms with a much bigger prize in mind. Increasingly frustrated with the beefed up security at larger firms, cyberattackers are using smaller firms as an entry point as they are often customers or suppliers of larger firms. Once a smaller firm is infected, it can spread viruses and other malicious software to a larger firm by way of emails and other exchanges throughout the course of normal business operations. Another way attackers are attempting to use smaller companies as bait is through the strategy of infecting startup companies in growth industries like tech and healthcare. The attackers then lie and wait hoping these infected companies will be gobbled up through mergers and acquisitions, which have been increasing as of late with the improving economy and availability of cheap debt. The attackers are essentially using the acquired company as a sort of trojan horse strategy to then infect the acquiring company and steal its valuable information.

Whatever specific tactic is used, startup companies have been increasingly targeted by cyberattacks as of late. In terms of time and resources, these new companies are stretched thin enough as it is. In-house IT departments are very expensive as is externally sourced internet security software sufficient enough to fortify these companies against sophisticated attacks. In light of this, what is a small business owner to do? Can they take steps to not be infected without professional help? Or is IT security spending now just an operational cost of doing business that can’t be avoided?

Link 1: http://money.cnn.com/2013/04/22/smallbusiness/small-business-cybercrime/index.html?iid=EL

Link 2: http://money.cnn.com/2013/05/23/technology/startup-cyberattack/index.html?iid=SF_SB_River

Hurricane Sandy Causing Problems for Small Businesses

When compared to major corporations, small businesses have it rough.  They don’t have the staff, resources, or logistical capabilities of larger companies.  Imagine, then, the nightmare that so many small business owners awoke to after Hurricane Sandy devastated the East Coast.  It’s for this reason that I’ve decided to discuss small businesses and the logistical difficulties they are facing after Hurricane Sandy – especially in regard to their supply chains.  The following New York Times article is one of the few I found that exposed the grim reality so many small businesses will face in the coming months.  Below is a synopsis.

______________________________________________________________________

A small business owner stands amongst the devastation caused by Hurricane Sandy.  Click the image to be taken to the article.

The article begins with a story that perfectly illustrates the dire circumstances so many business owners found themselves in after Hurricane Sandy passed through the East Coast.  Kristy Hadeka and Sean Tice – co-owners of Brooklyn Slate Company, a company that produces slate cheese boards – had been preparing for the holiday season when Sandy hit.  As a small business, the company depends on the revenue generated during this time of the year.  According to the article, holiday sales typically make up 75% of the company’s annual revenue.  Instead, they found themselves dealing with a litany of other issues – a depleted staff, damaged inventory, halted UPS shipments, and even customer emails requesting arrival times for orders.  Kristy and Sean even had to locate missing merchandise that was being transported to a Whole Foods store in Massachusetts.

Another small business, Linda the Bra Lady, had a similar experience. While the company did not experience any physical damage, co-founder Carl Manni explained that they did suffer financially as a result of the storm.  Manni explained that due to damage sustained to several of his vendors’ warehouses, he was unable to procure the inventory he needed to fill online orders.  He consequently had to back out of the orders – a decision that will cost him approximately $50,000 for this week alone.

Outside of lost inventory and stifled supply chains, the looming issue is that many of these business owners did not have insurance that covered a disaster of this nature.  Consequently, many small businesses will have to file for bankruptcy if they do not receive disaster relief funds from the government.

Ultimately, I feel that small businesses have a much harder time dealing with catastrophes of this nature.  Whereas large retailers can reroute their supply chain or reorganize resources to soften the punch Sandy packed, small businesses do not have the necessary resources to reroute orders or replace inventory – especially given the current state of the economy.

* The information provided in this post was drawn from the following New York Times article:

http://www.nytimes.com/2012/11/08/business/smallbusiness/after-the-storm-business-owners-assess-damage-and-ponder-lessons.html?smid=pl-share

Questions to Consider

  1. How do the logistical challenges faced by small businesses differ from those faced by major corporations?
  2. In the aftermath of Sandy, who has the rougher road – large corporations or small businesses?
  3. Put yourself in the shoes of a small business owner, how would you have reacted to a disaster of this nature?
  4. Should the government help small businesses recover from this disaster?