Small Enterprise, Big Target: Five Reasons Why Cybercriminals Attack the Little Guys

August 13, 2019 Arctic Wolf Networks

Many firms think they’re too small to be of any interest to hackers. They assume the headline-grabbing breaches of large corporations are all that criminals are after.

But just as muggings are more common than massive bank heists in the physical world, small scores are the most frequent target of cyberattacks in the digital one.

In fact, the 2018 Verizon Data Breach Investigations Report found that 58% of victims were businesses with fewer than 250 employees. What is particularly devastating about these attacks is that the cost of a breach can be enough to put many smaller enterprises out of business for good. 

Research from Accenture found that the costs from malware and malicious insider cyberattacks jumped 12% in 2018 and accounted for a third of all cyberattack costs. The average hit was $2.6 million per organization for malware attacks, and $1.6 million for malicious insider attacks.

A screen being touched with "small and medium Enterprises" written in the foreground

So, why exactly are cybercriminals turning to smaller organizations?

1. Small enterprises don’t always protect themselves

All too often, smaller enterprises think they can stay under the radar of cybercriminals and they don’t see the perceived expense of cybersecurity as a worthwhile investment. Because the results of good cybersecurity are a lack of any data breaches or malware, the value of it is somewhat invisible —business leaders may think that lack of attack is because they’re just not at risk. 

2. Small enterprises rarely educate themselves

Even when smaller firms invest in the equipment they need to help protect themselves, they don’t take the additional necessary step of educating their employees. Malware, in particular, is frequently traced back to a human factor (whether willful or accidental). Continuous training of employees on good password policy, what malware and phishing attacks might look like, and other cybersecurity strategies is essential.

3. The proliferation of devices changes the game

For businesses large and small, the growth in portable devices provides new attack points for hackers. From mobiles to fitness wearables, your employees, clients, suppliers, and partners unwittingly carry potential backdoors onto your business network all the time. If your employees take business devices home with them, they may also put the company at risk of breach by using them on an unsecured or open network. Your firm needs a BYOD policy and reliable VPN solutions for portable devices, be they personal or professional.

4. A lack of expertise

Not every small enterprise can afford a cybersecurity specialist on its IT team. Even if the funds and the will to hire tech talent are there, it gets increasingly difficult to find qualified candidates as the talent gap expands. Without the resources for in-house expertise, small enterprises need to consider outsourcing or retaining a managed service provider for their IT security needs.

5. Concentrating on protection instead of detection

Security software, patching vulnerabilities, and training your employees are all important parts of cybersecurity. But today, breaches and successful attacks are inevitable. Too many companies focus simply on stopping intrusions and are incapable of spotting malicious actors once they’re on the network in order to stop them before they wreak havoc.

Discover SOC-as-a-Service

Arctic Wolf Networks  delivers the industry-leading security operations center (SOC)-as-a-service. The Arctic Wolf™ Managed Detection and Response and Managed Risk services are anchored by the Arctic Wolf Concierge Security™ Team. Arctic Wolf’s purpose-built, cloud-based SOC-as-a-service offers 24×7 monitoring, risk management, threat detection, and response. For more information, visit



Previous Article
The Top Threat to Your Cybersecurity? You Might Be Surprised
The Top Threat to Your Cybersecurity? You Might Be Surprised

Both governments and the private sector are scrambling for a dwindling pool of cybersecurity talent.

Next Article
Technology Is Not Enough: Why You Need a Personal Approach to Cybersecurity
Technology Is Not Enough: Why You Need a Personal Approach to Cybersecurity

Companies always want to know whether they're using the best tools to keep their data safe. But that's not ...


Get cybersecurity updates delivered to your inbox.

First Name
Last Name
Yes, I’d like to receive marketing emails from Arctic Wolf about solutions of interest to me.
I agree to the Website Terms of Use and Arctic Wolf Privacy Policy.
Thanks for subscribing!
Error - something went wrong!