Press Releases

“UTTER HORROR”: What Happens When Small Business Suffers a Cyberattack

f t # e
Washington, April 20, 2016 | comments

Committee Hears Harrowing Story about Small Biz Cybersecurity

Expert: Could Be Used as Conduit to Attack Gov’t Systems

WASHINGTON – Today, a small business owner from Maine shared his harrowing personal experience as the victim of a cyberattack with members of the House Committee on Small Business. At the hearing, expert witnesses also told lawmakers that increased, sophisticated cyberattacks pose a threat to both small businesses and the federal government.

“The owners, employees and customers of America’s 28 million small businesses need to have confidence that their data is secure,” said House Small Business Committee Chairman Steve Chabot (R-OH). “I think it is fair to say that confidence has been shaken in recent years with the cyber-attacks on the IRS, the State Department, OPM, and even the White House. Between foreign hackers from countries like China and Russia and domestic identity thieves, the federal government has a target on its back that seems to get larger by the day.”

“With all of the uncertainty facing small businesses in today’s world of e-commerce, it will take vigilance by all federal agencies and the watchful eye of this Committee to ensure the data of small businesses and individual Americans remains secure.” Chabot added


“When I started my business I had the naïve expectation that I would be able to follow my passion and race go-karts with the help of my wife and a few close friends,” testified Rick Snow, a small business owner from Scarborough, Maine. “Phishing can happen to anyone, phishing attacks are meant to scare you and make you act without thinking, given the right circumstances, anyone can be lured by them. I am certainly no exception.”

“I logged into our bank accounts, and to my utter horror, I found that my balance was zero,” explained Snow. “This was a pay day, and I was terrified that the paychecks that were issued that day would not clear. We were supporting a number of families, many of which live paycheck-to-paycheck and could not have made it without the paycheck we issued them that day. I was also very worried about our business’ reputation since a restaurant nearby had just bounced their paychecks and the company never recovered from the bad publicity they received from not making their payroll.”

“If the federal government cannot protect its networks and data from cyberattacks with almost unlimited resources at its disposal, how can we expect America’s small businesses to do so?” asked Snow.


“The impact of small businesses on the government should be considered in at least two key ways,” testified Kevin Dunn, the Technical Vice President for NCC Group Security Services, Inc. “The first concerns the direct and indirect connectivity between a small business and a Government Network. The second concerns small businesses in the government supply chain.”

If the small business is compromised by a targeted attacker, it could be used as a conduit for gaining access to government systems,” concluded Dunn.

Mr. Dunn said he has spent the last fifteen years carrying out cybersecurity attacks against private companies and government organizations looking for vulnerabilities in their systems. His testimony before the Committee today was informed by those experiences.

You can read the full testimony from today’s hearing here and view video of the hearing here.


  • Small business cybersecurity has been a top priority of the House Committee on Small Business this Congress.
  • Just last week, Chairman Chabot questioned IRS Commissioner John Koskinen about what steps his agency was taking to beef up cybersecurity after a breach exposed data from 700,000 accounts.
  • Chabot and Committee members also pressed Small Business Administrator (SBA) Maria Contreras-Sweet on cybersecurity vulnerabilities at her agency after a GAO report found serious shortcomings with SBA’s IT Security.
  • The Internet Crime Complaint Center within the United States Department of Justice recorded 269,422 cyber security related complaints in its 2014 report. This is an increase of over 1500 percent from the year 2000.


f t # e