As we delve deeper into winter, a recent report by Dell underscores a concerning trend in the cybersecurity landscape: The cost of global cyberattacks surged to an unprecedented $1.41 million per attack in 2023, a significant leap from $660,000 in the previous year.
IT disruption today is commonplace, with the vast majority (90%) saying their organizations experienced it in some form in 2023. More than half of those who experienced a cyberattack event (55%) said attackers’ first point of entry was external – such as users clicking on spam or phishing emails and malicious links, or compromised user credentials. This highlights how the shift to remote and hybrid working models has magnified IT operational challenges.
This data arrives at a critical juncture, with warnings of heightened cyber risks during these remaining winter weeks. As businesses reel from holiday distractions, the risk of cyber incursions rises sharply. Winter is prime time for cybercriminals. Startups, often perceived as too small to be targeted, are at greater risk.
Conor O’Neill
Interestingly, hardware failures caused more than half of the data access issues in the U.K, per Dell’s report. This points to the multifaceted nature of cyber threats, ranging from external attacks to internal system breakdowns.
The Vulnerability Dilemma: Size Vs. Security
A common misconception among startups is that they are too small to be targets for cyberattacks.
However, the reality is that up to 80% of data breaches stem from common vulnerabilities, which do not discriminate based on business size. The Common Vulnerability Scoring System (CVSS) assesses factors like ease of access and complexity, demonstrating that vulnerability bears no correlation to the size of a business.
Many startups underestimate their exposure to cyber threats, wrongly believing that hackers typically target larger businesses with more extensive financial resources and sensitive data. But most hackers feed off of startups, considering them low-hanging fruit in comparison to larger enterprises.
While the successful breach of a giant like Facebook is a rare, media-worthy event, smaller startups can be cyber-attack targets due to their perceived lower defenses — which can lead to dangerous complacency. When a small startup is hacked, it rarely makes headlines, fostering a false perception that cybersecurity is a big company problem. But 61% of SMBs were targeted in a cyberattack in 2021, and 46% of all cyber breaches impacted businesses with fewer than 1,000 employees, Verizon’s 2023 Data Breach Investigations Report showed.
If you think you’re too small to be a target for hackers, you might have an unwanted Christmas gift waiting for you because you are the target.
Act Now, Not Later
A cyberattack occurs every 39 seconds, so it’s crucial for small business owners, startups, and entrepreneurs to recognize the real risks they face in the digital landscape. To protect against these threats, routine penetration testing, establishing threat intelligence systems, and vigilant vulnerability management is recommended.
As we brace for a potentially turbulent cyber winter, the need for vigilance and proactive measures is clear. Startups and small businesses must shed any misconceptions about their security and prepare for the heightened risks of the season.
Conor O’Neill is co-founder and CEO of OnSecurity, the U.K.’s leading penetration testing service.
