Small businesses tend to be attractive to cyber thieves, because they tend to have fewer security measures in place than large businesses do. Small businesses rarely have the in-house expertise, the time, or the budget to implement anything more than the most rudimentary cybersecurity measures. In addition, since these businesses are small, most owners are under the mistaken belief that they will be overlooked by cyber thieves.

1 – However, it turns out that it is the data itself (especially financial data), not the amount of data available, that makes a business attractive to cyber thieves.

2 – In addition, new technologies allow cyber thieves to mass-produce attacks on small businesses for little expense and little effort.

3 – Adding to the problem is that, more and more, small businesses are much more cyber-connected to outside entities, connections that can involve the sharing of, and exposure to, large amounts of sensitive customer data.

4 – This leads to an additional reason cyber thieves are more interested in small business systems than they have been in the past. With the increase in these interconnections, cyber thieves have found that, if they are able to hack a small business' system, it may ultimately provide them with access to a large corporation's customer data. For example, it is believed that cyber thieves initially used credentials from a small heating, ventilation, and air conditioning (HVAC) service company, one of Target's third-party vendors, to break into Target's network.

5 – Finally, while larger companies are investing more in cybersecurity, smaller companies seem to be investing less. According to David Burg, global and U.S. advisory cybersecurity leader at PwC (formerly PricewaterhouseCoopers), and a co-author of PwC's "Global State of Information Security Survey 2015," small firms (those with annual revenues of less than $100 million), cut security spending by 20 percent in 2014, while medium and large companies increased security investments by five percent.

Cyber thieves continue to expand their arsenal of weapons to break into small business systems, taking advantage of users' lack of awareness of the problems. According to the "Annual Security Report – 2015," published by Cisco, the volume of spam increased 250 percent from January 2014 to November 2014. Snowshoe spam, which involves sending low volumes of spam from a large set of IP addresses as a way to avoid detection, is becoming an increasing threat.

The Cisco report went on to note that on-line criminals rely on users to install malware or help exploit security gaps. In addition, malware creators use web browser add-ons as a medium for distributing malware and unwanted applications. According to the report, "This approach to malware distribution is proving successful for malicious actors, because many users inherently trust add-ons or simply view them as benign."

The Cisco report also found that fewer than 50 percent of respondents use standard tools such as patching and configuration as ways to help prevent security breaches.

A report published by the National Cybersecurity Institute, titled "2015 Small Business Cyber Security Threats," and written by Carolyn Schrader, founder of Cyber Security Group, identified ten cyber threats that small businesses in specific should prepare for this year. These are: ransomware, social engineering, internet of things, rogue insiders, cyber-espionage, weak passwords or flawed password retrieval processes, mobile device exposure, web-based infections and browser-based exploits, flaws in widely-used open source software, and cyber theft. The report noted: "Cyber crimes are not decreasing. Rather, more crimes will be committed. Recovery will be painful and disruptive. Legal recourse is limited."