The Price of Cybercrime: Protecting the Business You’ve Built from Hacks and Attacks

Cybercrime has a price. One that more and more business owners find themselves paying. 

The costs push well into the six figures, according to the U.S. Federal Bureau of Investigation’s (FBI) 2022 cybercrime report. On average, a business email compromise (a form of usually through targeted phishing or other account hacking) siphons $125,611 in funds. Ransomware attacks hold company data hostage for an average of $14,403. And data breaches level businesses for an average loss of $164,336. 

Cybercriminals increasingly wage these attacks against businesses with revenues of $500,000 or less, which makes the thought of a six-figure loss for them even more sobering. Retailers, professional service providers, real estate companies, medical practices, and other businesses like them now find themselves the preferred targets for a growing body of cybercriminals. 

Yet you can help prevent your business from getting hit.  

To counter this rise in attacks, we created McAfee Business Protection in partnership with Dell. It offers an all-in-one solution, with automated protection features that helps secure a company’s employees, along with their data, devices, and online connections. Intuitive setup and guidance for each employee strengthens their personal security posture and fortifies the overall security of your business as a result. 

And today, there’s an absolute need for that kind of protection. 

Why would a cybercriminal target my business? There are bigger fish out there. 

Cybercriminals have good reasons for targeting businesses with revenues of $500,000 and less: 

1. These businesses often lack online protection tools and support, making them more vulnerable to attacks than larger organizations with stricter security measures in place. 
2. Attacking these businesses often requires lower degrees technical expertise. Cybercriminals can buy or rent hacking tools and services on the dark web that can take advantage of poor security. 
3. They are prime for ransomware attacks, because many of these businesses don’t have data backed up or data recovery plans in place. 
4. Their employees aren’t always trained in good security habits, unlike larger businesses that may have such training in place. They may not recognize a phishing email when faced with one. 
5. Attacks on businesses of this size attract less attention. While cyberattacks on big businesses make big headlines, they often draw significant attention from law enforcement whereas smaller attacks may not.  

Cybercriminals may take in smaller hauls from these businesses, yet they make up for that in volume. They will attack several smaller businesses for smaller dollar amounts, which can rival the funds they’d reap by attacking one large target for one large amount—and with less relative risk. 

Another factor that makes these businesses so attractive to cybercriminals is that one hack can lead to another.  

Case in point, you might recall the massive data breach at Target during the holiday shopping season in 2013. It exposed some 41 million customer records, which cost Target nearly $300 million in settlements and losses. How did the hackers get in? By hacking a local HVAC contractor that used Target’s systems for billing, contracts, and project management.  

This shows how a breach in even the smallest of links in the supply chain can lead to yet another breach that impacts millions of people.  

As always, hackers look for easy, low-risk targets that offer the highest reward. In the case of businesses that make $500,000 a year or less, they’ve found exactly that. 

Two roadblocks to a more secure business: time and remote workers. 

Even as cybercriminals increase their attacks, both time and remote work only increase the risk to businesses.  

Time is an issue business owners know well already. There’s never enough of it, which means some aspects of the business get prioritized over others. In this mix, cybersecurity suffers. 

Our own research in the U.S. and Europe found that 63% of small business owners spend an hour or less on protecting their business a week. Moreover, 45% manage security in an ad-hoc way. It’s understandable, given that business owners would rather invest time in growing their business rather than managing their security. However, this low prioritization puts the business at risk, which could result in those six-figure losses mentioned above. 

The advent of remote work introduces further security issues as well. In the wake of the pandemic, many employees continue to work remotely or remotely part of the time.  

The implications for security can be significant. Whether working from home or some other location like a café, these employees may not have proper cybersecurity protection in place. Further, they may be using unsecure networks or Wi-Fi that can put company data at risk—not to mention their data as well. In all, remote workers can find themselves quite vulnerable. 

Protection from breaches and attacks with security that’s built for your business. 

As we created McAfee Small Business protection, we kept these issues in mind. We created protection that’s strong, and we made it straightforward as well. Business owners can set it up for their employees quickly and put controls in place to ensure they’re secure. Meanwhile our Protection Score measures the overall security of the business and offers guidance that can make it even more secure. 

By design, it offers:  

• All-in-one protection: It helps secure your employees, plus their data, devices, and online connections from hackers, malware, viruses, and more with a single solution. 
• A solution that grows with your business: Employers can extend protection to each employee, protecting their data, devices, and online connections with custom guidance that strengthens their security posture. 
• Simple and guided management: Automated protection and timely alerts let employers know when something needs attention, even when on-the-go, all from the Security Console. 
• Support when you need it: Our team of experts are available by phone or chat to help with setup or guidance when something needs attention.  
• The performance you demand: McAfee’s next-generation threat protection helps secure data and devices from threats both known and unknown and keeps devices running safely and smoothly.    
• A trusted expert in security: McAfee has more than 35 years of experience protecting millions of people and their devices around the globe with award-winning security that’s recognized by SE Labs, AV-TEST, and AV-Comparatives. 

Further features secure your business in breadth and depth: 

• Device protection ensures that operating systems are up to date, devices have password protection, and that files get encrypted when and where possible. 
• Web Protection sidesteps phishing attacks and malware downloads with clear warnings of risky websites, links, and files.  
• A secure VPN can automatically help keep your data private and secure anywhere your employees go with bank-grade encryption.  
• A File Shredder deletes sensitive company files completely to ensure no traces are left behind on your devices.  
• Identity Monitoring alerts employees if their personal information is found on the dark web. 

These are just a few of the security features offered, and you can see a full list on our partnership page with Dell here. 

By protecting your business, you protect your customers, clients, and partners too. 

Cybercrime indeed has a price. Beyond the dollars involved, the costs can run yet deeper from there. Downtime in the wake of an attack hits the bottom line. The recovery efforts that follow do as well. Additionally, businesses can suffer reputational damage if an attack also affects its customers, clients, and partners.  

Now, a shift has taken place. Cybercriminals still go after big businesses and major organizations, yet an increasing number of them go after businesses with revenues in the seven or even six figures. Poor security posture is one reason. Another is that even relatively amateur operations can wage attacks with “off-the-shelf” hacking tools found on the dark web.  

In short, every business faces the risk of cybercrime today. 

Yet with the right protection in place, you can avoid paying the price of cybercrime. And the introduction of our new McAfee Business Protection makes it easy in a time when it’s needed most. 

Introducing McAfee+

Identity theft protection and privacy for your digital life

Download McAfee+ Now

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts