Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back
Back

SMBs Are Not Immune From Ransomware Attacks

Written by: Cameron G. Shilling

Published in NH Business Review (3/26/2021)

Hackers are intentionally targeting small and medium sized businesses (SMBs), and are likely to continue doing so for the foreseeable future. Headlines certainly have exposed recent breaches of large and sophisticated companies (like Marriot, Equifax and Yahoo!), big governments and agencies (like the federal Office of Personnel Management and State of Texas), and prominent educational institutions (like Harvard and University of Connecticut). But, it would be a mistake to believe that hackers target only those types of organizations.

No business is immune from cyber threats. In fact, small and medium sized business are just as valuable targets as large organizations, because we commonly possess significant amounts of sensitive personal information about customers, vendors, employees, students, etc. Also, SMBs are generally more vulnerable, because we often do not have comparable resources to invest and have not allocated the time required to implement appropriate safeguards.

Sophisticated Ransomware Is Unavoidable

Ransomware attacks perpetrated a few years ago typically only encrypted computers and servers, yielding a demand for ransom to obtain the decryption key. Cybersecurity evolved to counteract that threat, particularly through a combination of advanced activity-based applications that detect ransomware activity and deactivate systems before all data is encrypted, with robust backups that can be used to restore encrypted systems.

As a consequence, hackers evolved too. Now, sophisticated ransomware is typically undetectable by routine anti-malware, and both extracts data from computers and encrypts it. Thus, if the target business refuses to pay the ransom to decrypt its systems, the hackers re-demand ransom to refrain from selling the stolen information on the dark web.

No Target Is Too Small, and No Business Is Ignored

In years' past, hackers may have focused more of their efforts on larger businesses that accumulated credit cards, social security numbers, governmental identification numbers, financial information, and health information. That is not true anymore.

Because big firms generally have invested in cybersecurity, smaller ones are now much softer targets. Also, while the foregoing information remains generally valuable, some of it (like SSNs and governmental IDs) have been broadly compromised already, and other types of information (like credit cards and financial accounts) are surrounded by sophisticated protections.

Broader personal information is now equally or more valuable for hackers to perpetrate identity and financial crime. For those purposes, the information that small and medium sized commonly collect is prized, like information about financial and business transactions, travel, purchasing activity, family relationships, social interactions, usernames and passwords, etc.

Moreover, hacking has increased its efficiency by industrializing the criminal enterprise. Criminals now specialize in code writing, phishing, deploying attacks, collecting and aggregating data, perpetrating crime, etc. That efficiency, in combination with greater automation in phishing and deploying attacks, have enabled hackers to exponentially expand their target population.

We All Can Afford Cybersecurity, and Can’t Afford to Ignore It

Two big hurdles faced by small and medium sized businesses are a lack of knowledge about how to address cybersecurity, and a misconception that doing so will be too expensive or disruptive. Neither are prohibitive barriers.

With respect to the first issue, many articles (including those published here) and other resources (such as through the National Institute of Standards and Technology or NIST) exist to educate us on this topic. Also, the market now has a greater selection of information security professionals qualified to provide services to a wide variety of small and medium sized businesses.

With respect to cost, there is good news for SMBs. Their relatively smaller technological and physical footprint generally makes it is easier and cost effective to assess their vulnerabilities and implement reasonable safeguards. By contrast, larger companies commonly have established technology systems and physical facilities that may have been designed without addressing current cybersecurity controls, which means that they may have more vulnerabilities that can be costly and operationally challenging to mitigate. Additionally, all businesses allocate a certain amount of resources to technology, and an experienced professional can help configure that same budget to incorporate cybersecurity safeguards with limited additional cost.

The business leaders who have experienced hacks know all too well that we cannot afford to ignore these risks. Ransomware cripples a business for days or weeks, can be exorbitantly expensive (particularly if a business has no insurance coverage for it), and often results in lost customers and revenue. Hackers will continue to target small and medium sized businesses. So, SMBs need to take action now to protect ourselves.

Integrity and trust

At McLane Middleton we establish and maintain long-standing relationships with our clients to help us better achieve their unique goals over time. This approach to building trust requires that our esteemed lawyers and professionals use their broad, in-depth knowledge and work together with integrity to ascertain sound resolutions to legal matters for their clients.

Strength in numbers

McLane Middleton is made up of more than 105 attorneys who represent a broad range of clients throughout the region, delivering customized solutions. As a firm we are recognized as having the highest legal ability rating. The firm is rated Preeminent by Martindale Hubbell and is recognized as one of the nation's leading law firms in Chambers USA. Our attorneys are distinguished leaders in their respective practice areas.

Meet Our People

Commitment and collaboration

McLane Middleton's versatile group of attorneys and paralegals become trusted authorities on each case through collaboration. We work with our clients to learn their individual needs first and foremost and, together, we develop comprehensive solutions to their specific legal matters. This approach helps us exceed our clients' expectations efficiently and effectively, client by client, case by case.

Practice Areas

A history of excellence

McLane Middleton was established in 1919 in New Hampshire, and has five offices across two states. However, deep historical roots don't allow you to become innate. Our firm is organized, technological, and knowledgeable. Our history means we are recognized. But our reputation is built on the highest quality of service and experience in very specific areas of law.

The Firm

Intelligence paired with action

Our team continuously seeks opportunities to enhance their professional development and put key learnings to action. The pursuit of further insight guides us to volunteer service opportunities, speaking engagements, and teaching roles. Our lawyers are sought after thought leaders across their industries, and recipients of leadership awards throughout the region.