Contributed by Community Editorial Team at Comcast Business


Cybersecurity for Small Businesses: What Makes You a Target and What Are the Threats?

September 23, 2019

As a small business owner, it's easy to think of cybersecurity as primarily a concern for enterprise organizations, given the steady stream of high-profile breaches. While the biggest attacks might happen at large organizations, small businesses are still a mark for hackers. Learn what makes you a target and walk through the most common threats.

As a small business owner, it’s easy to read the seemingly never-ending headlines about cybersecurity breaches at enterprise companies and be lulled into thinking that you aren’t a target. After all, hackers are after the massive storehouses of customer data or proprietary information held by leading companies, right?

Not necessarily.

While the biggest headline-grabbing hacks involve large companies, cybercriminals don’t discriminate by size. As a matter of fact, even some of the biggest data breaches of the 21st century started out at small businesses. The cyberattack that hit Target in 2014, exposing the personal data of over 100 million accounts, was carried out via the network of an HVAC contractor that worked with the chain.

Two-thirds (67%) of companies with fewer than 1,000 employees have experienced a cyberattack, and 58% have experienced a breach. These statistics make it clear that all businesses need a solid cybersecurity strategy. Be it ransomware, DDoS (distributed denial of service), phishing or some other threat, there is no shortage of cyber threats targeted at small businesses.

So what makes you a target?

Small and medium-sized businesses don’t have the deep pockets that enterprise organizations do. So why are they such a target for hackers? There are a few key reasons:

  • Your valuable data: Hackers know that even small companies traffic in data that’s easy to offload for a profit on the Dark Web — medical records, credit card information, Social Security numbers, bank account credentials or proprietary business information. Cybercriminals are always trying to come up with new ways to steal this data. They either use it themselves to get into bank accounts and make fraudulent purchases or sell it to other criminals who will use it.

  • Your computing power: Sometimes hackers are interested only in using a company’s computers, conscripting them into an army of bots to perpetrate massive DDoS attacks. DDoS works by artificially generating enormous amounts of web traffic to disrupt service to a company or group of companies. The hijacked bots help generate the disruptive traffic.

  • Your links to the big fish: Today’s businesses are digitally connected to each other to complete transactions, manage supply chains and share information. Since larger companies presumably (although not necessarily) are tougher to penetrate, hackers target smaller partners as a way to get into the systems of large companies. This is what happened in the Target breach.

  • Your cash, pure and simple: When you think about it, hackers target small businesses, or any other company, primarily for profit. Sure, some attacks are about disruption, as is the case with DDoS, but usually, the motive is to make money. This explains why ransomware is such a popular method of attack. It often succeeds, generating revenue for attackers. And as long as an attack method proves lucrative, hackers will keep using it.

What are the threats?

Enterprise organizations have entire teams devoted to handling cybersecurity. At many small businesses, those efforts, if undertaken at all, are handled by someone who likely wears many other hats in the day-to-day operations of the business. That makes small businesses particularly vulnerable to hackers. After all, a cybercriminal only needs to be right once. In order to stave off a successful attack, you need to be right 100 percent of the time.

A good cybersecurity strategy starts with a solid understanding of the current threat landscape:

  • Phishing: Often providing a gateway for ransomware or other infections, phishing typically works by goading users into opening an email attachment or clicking a URL containing a virus. Phishing has become more and more sophisticated, and it can be incredibly difficult to spot a fake message as hackers target specific individuals with messages they can’t resist.

  • Ransomware: Hackers use a wide range of methods to target businesses, ransomware being one of the most common. Ransomware locks up computers and encrypts data, holding it hostage. For owners to regain access to their data, they have to pay ransom to a hacker who then releases a decryption key.

  • Malvertising: Short for “malware advertising,” this consists of delivering malware to a network after a user clicks on an apparently legitimate ad. Identifying malvertising isn’t easy because of the way it’s disguised, but some advanced malware detection systems are getting better at it.

  • Clickjacking: Similar to malvertising, this practice involves hiding hyperlinks to compromised webpages in legitimate website links. Users are then asked to reveal personal data that hackers steal for nefarious purposes.

  • Drive-by downloads: This dirty trick downloads malware into networks, often without users realizing what is happening. Sometimes users have to respond to a pop-up window for the download to occur, but other times all they have to do is unwittingly visit a compromised website.

  • Software vulnerabilities: Hackers exploit vulnerabilities in popular web platforms such as WordPress, tools such as Java and file formats such as HTML, PDF and CSV to deliver malware. Falling behind on updates can leave systems particularly vulnerable.

Any organization that neglects cybersecurity is taking a huge risk. And as businesses grow more and more interconnected, those risks extend to customers, partners, and suppliers.

To protect against costly malware, ransomware, and bots, small businesses need to implement 360-degree cybersecurity measures that include anti-virus programs, firewalls, and network security solutions that proactively protect all devices connected to your network. Learn how Comcast Business’ cloud-based network security solution SecurityEdge can help.
