Andrea Danti - Fotolia

Problem solve Get help with specific problems with your technologies, process and projects.

What makes an SMB network a target for cyberattacks?

Small and medium-sized businesses are ripe targets for hackers. What can they do to improve their protection?

One by one, a handful of the most prominent websites in the world go down. Here's the scenario: Amazon, eBay, Yahoo, CNN, E*Trade and Dell all go down because of one coordinated denial-of-service attack. The President and Attorney General launch an investigation into who precipitated the attack. The $1.2 billion bill for damages is just starting to climb. Panic grips the New York Stock Exchange.

Although this doomsday scenario sounds farfetched, it actually happened, exactly as described, back in 2000. The culprit, Michael Calce, known then only by the moniker "Mafiaboy," was actually only 15 years old at the time. His intent wasn't to do harm or make a quick buck, but rather, to "intimidate other hacker groups," he recently told NPR.

While it's hard to believe now, there were plenty of non-monetary motives for hackers back then. As Calce said, "The whole of the hacking community was all about notoriety and exploration, whereas you look at hackers today and it's all about monetization."

That characterization isn't too far off. According to the National Small Business Association, the average cyberattack costs a small business almost $21,000 per incident. With a potential bounty like that, why wouldn't hackers want to profit from smaller companies whose networks aren't sufficiently protected?

SMB network a prime target for cybercriminals

In fact, cyberattackers are finding small and medium-sized businesses (SMBs) -- not big-name corporations -- actually make for the best targets. They've found that as enterprises have doubled down on fortifying their network defenses, it's SMBs that are now the most vulnerable and, therefore, the most attractive targets. All attackers have to do is maintain their offensive until their target's resources falter or are whittled away, and then they're in.

Larger companies can soldier on after an attack, albeit with a damaged reputation, but a breach can stop a small company in its tracks and halt all productivity.

To understand how cyberattackers think, and why they might prefer to target SMBs, let's first consider how real-world burglars think.

Let's say a burglar has the opportunity to break into a mansion that is guarded by a gate and an advanced security system. Alternatively, the thief could go door to door within a multi-unit apartment building until finding one left unlocked. While the apartment unit may not contain as many valuables as the mansion, it would likely represent the path of least resistance for the crook.

The same logic applies to cybercriminals who plot against SMBs and explains why attacks against the SMB network are far more common than those directed against large enterprises (although those are ones that attract the most publicity).

Fallout from cyberattack felt differently by SMBs

In the event an attack is successful, the fallout is very different for SMBs and enterprises.

For larger companies, an attack is more of a PR problem. Yes, the company's stock price could fall, lawsuits might follow and there may be penalties to pay for violating compliance requirements, but the long-term reputational stain -- and resulting financial damage -- can be nearly impossible to scrub out.

But the impact of an attack on an SMB network is very different, and it's not hyperbole to say their very survival could be at stake.

Larger companies can soldier on after an attack, albeit with a damaged reputation, but a breach can stop a small company in its tracks and halt all productivity. Damages topping $20,000 can make all the difference in whether a company is even profitable, not to mention the impact on employees.

Drawing up the battle plan takes careful consideration

As companies start to assess the damage following a cyberattack, their attention will eventually turn to preventing the next one. And, yet again, enterprises and SMBs differ in their approach.

Enterprises generally adopt a more holistic, centralized strategy when it comes to network security. They'll combine all their network equipment, perhaps including a secure remote access VPN, into one system. This allows enterprise network administrators to quickly address unexpected threats.

It's a different story for SMBs, in large part because of their limited resources.

Because of budgetary and resource constraints, SMBs just can't afford to be quite as comprehensive in their security approaches. Instead, they should maximize the budget they do have and put the foundational elements of a cybersecurity plan in place. These elements -- a firewall, a remote access VPN and an intrusion protection system -- can reduce the chance of a successful attack.

Finally, SMBs must also capitalize on the knowledge of their own vulnerabilities.

Network security flaws are well-known, and that's why companies -- no matter their size -- must beef up their infrastructures so that remote access is secured, vulnerabilities reduced and cyberthreats effectively diminished.

We've come a long way since 2000, but there's still plenty of work left to do.

Next Steps

Establishing business continuity plans

Retail attacks less frequent, more damaging

SMB security do's and don'ts

This was last published in August 2015

Dig Deeper on Network Security Best Practices and Products