The next time you open your phone to admire the creative work you’ve posted on Instagram and the glowing reviews from your followers, think about this;
Kaila Uli was doing just that one morning when disaster hit. Kaila was a small-time entrepreneur from a poor family in Los Angeles. From age 5, she hustled—selling cones, rocks, whatever she could find, all with dreams of running her own business someday.
By 2021, in her mid-20s, she’d made it. Kaila was the founder of Brilles, an online sunglasses business pulling in over a million dollars a year. She wasn’t just sitting back and watching the profits roll in. She lived and breathed her business, working around the clock, handling sales, strategy, marketing—everything. She knew the risks of the internet, too. She set up security measures, even got cyber insurance. She wasn’t naive. So, when you do everything right before bed, nothing should go wrong, right?
Wrong. And Kaila learned this the hard way.
The next morning, her phone was strangely quiet. No notifications. No sales. For someone like Kaila, who usually woke up to hundreds of sales, this was bizarre. She brushed it off at first—just a slow morning. But as the minutes crawled into hours, the slow morning turned into a nightmare.
No sales. Not one.
Panic set in. Every marketing tactic she’d spent months perfecting couldn’t just stop working overnight. Something was off. That’s when she checked her website’s backend and it hit her.
Brilles was under attack.
DDoS attack on kaila’s Small Business
Basically, a DDoS attack had crippled her website. Here’s how it works: an army of zombie computers, or bots, floods your website with so many requests that it overwhelms your server, choking it to the point where real visitors can’t even load the page. They’re blocked out, leaving your site a ghost town. (Learn more about DDoS here).
Kaila was floored. Why her? She wasn’t a massive company with a huge target on her back. Brilles had only three employees—hardly a blip on the radar compared to other businesses. And it wasn’t like they drained her bank accounts or stole sensitive customer data. The only thing they did was sabotage her ability to operate.
Kaila hoped it would blow over, so she waited. She checked her website, hoping the issue would magically resolve itself. But by the next day—and the day after that—the situation hadn’t improved. Her site was still down, her business stuck in limbo.
She couldn’t afford to keep losing revenue like this. Desperation mounting, she finally picked up the phone and called her insurance company. Surely, they could help.
But much to her dismay, the insurance company told her she had to wait it out before they could intervene. So, she waited. Days turned into weeks, and weeks spiraled into months.
Kaila couldn’t take it anymore. Desperate, she decided to build a new website, hoping to leave the nightmare behind. But the attacker struck again, taking down the new site just as swiftly. This relentless assault continued until Brilles, a once-thriving business, simply couldn’t survive. In January 2022, Brilles officially shut down.
Now, imagine you’re Kaila—picture the events. She had built her business from scratch, scaled it to generate over a million dollars in sales per year. She had the marketing savvy and the technical know-how to build her online system. In her mind, she had made it. This was the dream—the business that would change her family’s story forever.
And all it took to crush it was one single cyberattack.
Why was kaila’s business under a DdoS attack?
Why was Brilles—a small, relatively unknown business—the target of such an attack? Kaila will never know. The face behind the attack was never found, never prosecuted. But what she learned, painfully, was that being a small business doesn’t make you immune to cyberattacks. In fact, it makes you vulnerable. One attack can end it all.
Even if you don’t collect customer data or sell your services online, you’re still at risk.
Small business cyber attacks are not just about websites.
Take the story of Anita Sikma Jewelry, a small jewelry business in Vancouver. Anita had spent 15 years using Instagram to sell her designs to clients all over the world. Then, one morning, her account was gone. Hacked.
The attacker took over her profile, posting about bitcoin scams and asking her followers to invest in shady schemes. Worse, they reached out to her loyal clients, requested money, and used her account to target other people’s accounts. Some of her best clients were blocked, cutting her off from the very people she had built relationships with for years. Her small world, her livelihood, was crumbling in front of her eyes.
It took media attention to get Instagram’s help and recover her account. Without it, she might have lost everything.
Why was Anita targeted? Once again, we’ll never know. The attacker disappeared without a trace, and the damage was done. And there’s no doubt there are lots of heartbreaking stories out there. A UK study shows that half of small businesses that experienced a cyber attack never made it back —small business owners being attacked, losing their livelihood, and moving on quietly because they don’t want the media attention.
Cybersecurity is the solution.
The takeaway from these experiences is simple. You won’t always know why you’re the target of a cyberattack. You also won’t always know who might be targeting your business. Those could have been a competitor, an employee, an ex, an upset customer, a stalker, or even a random hacker trying to perfect their skills. And it gets worse when you believe you’re too small to matter, so you skip cybersecurity in your budget or planning.
The solution isn’t to wonder why someone would come after you. It’s to make sure that when they do, they realize they’ve underestimated you. That’s why you must scan for weaknesses, educate your employees on cyber safety, and keep operations really tight. (If you need help, Webifant can help you weave a defensive web around your system that screams “you’re messing with the wrong person” to attackers; Start here)