Cyber attacks on small businesses cost trillions and could spell doom for the global economy.
No one knows how hackers stole top-secret American spy tools in the first place. But now, those tools have been used in a series of small business cyber attacks costing Baltimore tens of millions.
Back in April 2017, a top-secret N.S.A. eavesdropping program called “EternalBlue” was somehow posted online by a group of hackers called “The Shadow Brokers,” according to The New York Times.
The tool is simple. It takes advantage of security gaps in Microsoft Windows. The N.S.A. didn’t tell Microsoft about this of course because they use these flaws for covert operations.
But now, that has backfired in a way that raises serious questions about the broader risks of such programs for the American economy.
Spy secrets and digital pirates
Initially, The Shadow Brokers tried to sell this stolen software on the dark web. When no one would pay they simply dumped the data online.
Two year later ransomware pirates have weaponized this system and now held Baltimore city computers hostage for a month.
The municipality and all the businesses that rely on it have been totally paralyzed. Payments cannot be made, to the city or to city vendors. Real estate development has halted and even basic email is impossible.
The N.S.A. has denied their program was involved. That’s what spy agencies do. They deny things.
However, private contractors hired by Baltimore city have independently found the malicious “EternalBlue” code inside those same computers, according to Times sources.
The cost of small business cyber attacks
Baltimore’s mayor took a principled stand and chose not to pay the $100,000 ransom the hackers initially demanded.
Many businesses however simply pay these extortions knowing the disruption will cost exponentially more.
But frustratingly, all this could have been prevented.
In 2017 EternalBlue’s leak was big news. So big, Microsoft jumped on a security patch immediately and released it to customers. The loophole was fixed, in theory.
The thing is, security fixes still require individual Microsoft users to take time to update their computers. But this is not how employees always behave.
And the problem is getting worse. A 2017 study found that nearly 70% of small businesses experienced cyber attacks. That number has likely only risen since.
Worse, half the respondents to this same survey admitted they had no idea how to protect themselves or their businesses in the first place.
A cyber attack on one is an attack against all
The problem of small business cyber attacks is so widespread the Harvard Business review suggested it could cause a global financial crisis.
What happened in Baltimore could theoretically happen to international payment systems. Imagine an entire month where global markets are down. The absolute havoc.
Cyber attacks already cost over $1 trillion annually and experts believe a severe attack could start a depression-style panic.
Other analysts suggest the sheer volume of small business cyber attacks could even trigger a bottom-up recession.
The thinking goes that if the majority of small businesses are already dealing with costly attacks, there must be a tipping point where losses become an overall market crusher.
Getting ahead of that curve is becoming a kind of collective responsibility. Small businesses will either make strategic investments or keep deferring these costs to an increasing number of wildly expensive emergencies.
How to protect your small business from cyber attacks
A small business in New York without so much as a functioning website was just hit with an attack in May that stole 100,000 credit cards and cost the start-up $27,000 in reversal fees alone.
The only way to avoid this fate experts warn is prevention.
The truth is once a vulnerable employee has clicked a phishing link it’s too late. Your business could be decimated.
This means small business owners investing in IT before a crisis emerges as a part of overall risk management.
Human resources are best but mandatory online training programs that teach employees how to spot phishing links in their email are also essential.
These programs have shown effectiveness because vigilance and current software is often enough.
Hackers are looking for easy targets. They’re not master thieves with a stethoscope on your safe. They make their money from volume and human error.
Fortunately, their low tech methods mean they can be beaten with the right preparation in place. But that is a serious business expense.
The cyber attack threat is growing. But so is the economy. That means now is the time to invest.
Looking for alternative financing? Look no further.
Apply Now With Velocity Group USA