Cybersecurity is not just an enterprise-level risk

March 22, 2024
Small-to-medium enterprises are preferred targets, accounting for nearly 70% of reported attacks

The frequency and sophistication of cyber-attacks perpetrated against all levels of enterprise and industry have exponentially increased in conjunction with these organizations' reliance on digital technologies to power their businesses and operations. This has led to untold trillions of dollars in losses in damages and revenue and disruptions in services for companies and organizations all over the world. Cybersecurity incidents have been reported by prominent industry behemoths like Apple, Meta, Sony, Twitter, and on and on, but for every one of these high-profile, publicized attacks, there are countless leveled against smaller companies, services, and networks that are just as vulnerable—if not more so—to these threats.

This makes cybersecurity not just a growing problem for major corporations with multi-billion-dollar valuations and critical government infrastructures but for all manners of small-to-medium enterprises, municipalities, hospitals and any organization that relies on digital networks and technologies, which—in 2024—is namely all of them in some capacity or another.

Technology Service Shift Spurs More Attacks

The most logical reason for the recent precipitous rise in cyber-attacks is also its most obvious. As more companies and services are hosted on digital networks, it makes sense that there will be a correlating rise in incidents of nefarious groups trying to exploit the weaknesses of these networks. While the development and adoption of digital technologies have increased the power and capabilities of companies and organizations all over the world, the same can be said for hacker groups and ransomware gangs. Advancements in technologies such as artificial intelligence have made it easier for cyber terrorists to identify and breach network vulnerabilities at greater speed and efficiency, and these technologies are being deployed around the clock to probe and attack vulnerabilities wherever they can be found. So, while yes, the number of cyber-attacks is rising because of the digital transformation our society is undergoing, the fact of the matter is that these hacker groups are also undoubtedly getting better at it.

The diversity of motivations for these hacker groups and cyber terrorists is a large factor in what has caused these attacks to experience such a steady climb. The most obvious is financial motivation. Simply put, it pays. When one of these groups can gain access to a network and leak sensitive information or hold data and services hostage, they often receive a hefty ransom.

While the most publicized targets for these ransomware gangs are larger companies and critical infrastructure, small-to-medium enterprises are these organizations’ preferred targets, accounting for nearly 70% of reported attacks. While these small businesses and local-level organizations may lack the bottomless pockets that hackers covet, they also lack the resources that larger organizations have at their disposal to protect themselves, making them low-hanging fruit for cybercriminals.

Many businesses following a breach do not last more than six months. A disturbing trend to emerge is the targeting of hospitals and medical facilities by cyber terrorists

Geopolitical Motives

Another motivation of cybercriminals and hacker groups has been politically and ideologically charged. As geopolitical tensions rise and global conflicts erupt, many nations employ teams of cyber terrorists to strike at the economic and social structures of their enemies. This can be seen in Russian efforts to destabilize Ukraine, in the Israel/Hamas War, and in Chinese efforts to disrupt and weaken Western nations. Cybercrime has become an extension of the military capabilities of developed nations all over the world and oftentimes one of the most effective tools for sabotage and espionage.

On the grassroots level, more extremist activist groups are turning to cybercrime as a means of striking out directly at companies, industries, and political parties. Incidents of ‘hacktivism’ are on the rise as civil disobedience undergoes a digital transformation in conjunction with the agencies and organizations that many of these groups have pitted themselves against.

Costs Rise Above Dollars

Cybersecurity is not just a line item on a balance sheet. The damage of these attacks can certainly be measured in dollars and cents, loss of revenue, and ransoms paid, but it can also take untold tolls on the fabric of our society and the lives of its people. For many companies, this is not a temporary disruption. Many businesses following a breach do not last more than six months. A disturbing trend to emerge is the targeting of hospitals and medical facilities by cyber terrorists. What happens when the cost of these attacks is no longer measured in financial terms?

Towns and cities have also been increasingly targeted by cybercriminals. What happens when their capability to respond to an emergency is compromised by an ongoing cyber-attack? And these are just examples on a local level. What happens when the critical infrastructure of federal agencies and organizations is unable to be accessed and vital services are unavailable to people in need?

Cybersecurity protocols must be developed and implemented at the same rate of speed and efficiency as those who are searching for ways to penetrate them. We need to have a better understanding of security risks and the most effective responses and strategies to deploy in the event of a cyber-attack. Training and education, in conjunction with the latest developed platforms and protocols, are vital to curbing this escalation in cyber-attacks and ensuring that our networks and systems are protected against the threat of breach. We are only as strong as our weakest link, however.

It is not enough to develop the most comprehensive cybersecurity if it remains either inaccessible or underutilized. More companies, organizations and enterprises at every level must be made aware of their current vulnerability to cyber-attacks and must take proactive measures to prevent these attacks from occurring. The final reason that hackers are perpetrating more of these attacks every day—and the only one we have the power to influence—is its simplest. It's because they can.

Charles Regan is the CEO and co-founder of Nerds on Site, a computer support and repair company. Prior to Nerds on Site, Charles was with Dale Carnegie Training, where they ran the southwest Ontario branch. Charles Regan has a degree in Systems Design Engineering from the University of Waterloo.