Three Cybercrime Myths That Are Hurting Small Businesses

February 7, 2018|

Chip Lamb is an antique car dealer, but on Tuesday afternoon he was sitting in the front row of a conference room of a company that has been getting a lot of local buzz for its role in an entirely different industry: cybersecurity.

Unlike some others in the room whose businesses were similarly unrelated to cyber, Lamb spent years in the field as a wide-area network administrator in Manhattan the early 1990s.

While technology has changed immensely since then, Lamb holds that basic principles have remained the same.

“The person using your equipment is the lowest common denominator,” Lamb said. “And if you can eliminate the threat of the lowest common denominator, it doesn’t go up to the top.”

That concept was one of the main reasons Robert Smith, an audit manager for local cybersecurity company EDTS, had gathered local businesspeople to talk about cybersecurity’s role in their world, to bring the concept of “cybersecurity” down from the clouds and into tangible business scenarios.

Thus, Smith’s presentation involved deconstructing a few myths about cybersecurity he said can make people a little more comfortable than they should be. We highlighted a few of the big ones.

Most cybercriminals don’t bother targeting small businesses

Contrary to popular belief, simply flying under the radar is not a reliable option for small businesses owners who think they don’t have anything valuable enough to make hacking into their networks worthwhile, Smith said.

In fact, 43 percent of cyber attacks target small businesses, he said. Sixty percent of those businesses end up closing within 6-7 months.

“That’s huge when you think about the number of businesses that could be impacted on a day-to-day basis,” Smith said. “We’ve got new business that pop up day-to-day and businesses that close every day. How many of those are from ransomware (a kind software that blocks access to a computer system until a payment is made) that they can’t recover from?”

Smith referenced one email service provider’s data that revealed that out of the two billion emails that were sent using the service over the course of a year, one out of every 131 was malicious. That means 6.5 million malicious emails are sent to small businesses every day.

“The threat is not just real for small business, buts its deadly its some cases for these organizations,” Smith said.

Skilled computer network hackers are few and far between

As much as we might enjoy shows like “Mr. Robot,” Smith said, such narratives have painted an inaccurately elitist picture of the hacking industry in which the act is portrayed as an undertaking that is possible for geniuses alone.

“I can go to Google, search for a malware-building tool, and it will come up,” Smith said. “I can take all the things that I want it to do—have it flip your screen, give me a door, flip your keyboard. I don’t have to program anything…I just have to get it to your inbox. That is why it is possible for teenagers and young adults and people like myself.”

Security firm Kaspersky reported that ransomware increased by 250 percent in 2017. According to global risk reports from the World Economic Forum, cybercrime is costing the glob economy hundreds of billions of dollars annually.

For that reason, businesses are at far more risk by not educating their employee bases than they were just a few years ago. The majority of cases in which a system is compromised begin with a human connection, Smith said, usually over email. First and foremost, companies need to understand the risks that exist, and what their tolerance is for those risks in their systems.

As EDTS has educated its own workforce on how to be cautious and aware of cyber threats, Smith said the company has clearly seen improvement.

“I can tell you that with our organization…there were lots of people that were a little click-happy. Now that’s maybe less than a person every six months.”

Overall, cybercrime is not that significant of a threat

According to the World Economic Forum’s 2018 Global Risk Report, there are 8.4 million devices connected in the Internet of Things—more than the number of people on earth.

That represents a fundamental shift in the way society operates. As communities becomes increasingly software-based, their susceptibility to cybercrime grows.

“They’re going to continue to grow, and they’re going to continue to target small businesses,” Smith said. “It’s not a matter of if, but when.”

But as the world changes, many businesses aren’t keeping up, which might cost them in the long run if they’re unable to mitigate security risks.

“I met with a county recently that within the last few years just got rid of all the typewriters,” Smith said. “Now I have people who may have never in their careers touched a computer or worked with it in a professional setting.”

One thing that hasn’t changed, though, is the importance of business owners taking responsibility for creating a way for workers to become educated about the massive and often dangerous implications of the technological landscape.

Lamb said that over the last thirty years, one thing hasn’t changed at all: he still think end-user education of cyber threats is the most important factor for businesses to invest in.

“Cyber criminals are becoming more and more sophisticated,” Smith said. “You never want to put money into something if it’s not going to produce a return. But if the impact of that resource being down could potentially put you out of business…is the cost worth it at that point?”


Reach Witt Wells at (901) 319-8877 or at




Leave a Reply