Facts About Cybersecurity Threats to SMBs
Over the past two decades, the risk of malicious cyberattacks on small and medium businesses has exploded. Yet, according to a cybersecurity report by Florida’s Small Business Development Center (SBDC), 87% of small business owners do not regard their business as at risk of a cyberattack. Nothing is further from the truth. Consider these small business cybersecurity statistics:
- SMBs accounted for 43% of all cyberattacks.
Source: Verizon 2019 Data Breach Investigations Report
- Small business cyberattacks were up 424% in 2018.
Source: 4iQ Identity Breach Report
- In 2018, cybercriminals sent 430 million new types of malware out into the world.
Source: How to Protect Your Small Business from Cyberattacks
- The average cost of a cyberattack on an SMB, including ransom, lost data, downtime, compliance fees and legal expenses, is almost $3 million per incident.
Source: Ponemon 2018 State of Cybersecurity in Small & Medium Businesses.
- 65% of SMBs that have a password policy do not strictly enforce it.
Source: Business News Daily 2016 State of SMB Cybersecurity
- 83% of SMBs say they lack the funds to deal with the repercussions of a potential cyberattack.
Source: InsuranceBee Cybercrime Survey
- 55% of SMBs cite resources and knowledge as barriers to cybersecurity planning.
Source: BBB 2017 State of Cybersecurity Planning
What Are The Most Common Cybersecurity Threats to SMBs?
Cyberattacks come in numerous forms, from many different places and for all kinds of reasons. Many cyberattacks are for money, others for control and many are just for “fun”. They can be personal or impersonal. Perpetrators can include large international crime rings, individual hackers, business competitors, disgruntled employees or even company insiders with a grudge. Their only commonality: they are malicious actors with bad intent, and there are a lot of ways they can harm you. This includes exploiting both technical security vulnerabilities (hardware and software systems) and procedural vulnerabilities (lax corporate policies surrounding email, passwords or access to information).
The most common cybersecurity threats include:
Malware: Malicious software written for the purpose of incapacitating or damaging computer systems.
- Ransomware – A malware tool that encrypts or locks up a victim’s files while displaying a message with demands that must be met to recover the data. For attackers, it is an easy, reliable method of attack with big returns.
- Botnets – A network of robots. This malware typically seizes control of a victim’s computer, while synching it to a larger network of computers. The attackers then use the network to carry out large scale Distributed Denial of Service (DDOS) attacks that overwhelm the systems of targeted victims.
- DDOS Attacks – Carried out via a botnet, this kind of attack utilizes multiple computers all at once to attack another targeted computer or system.
- Sabotage – Any deliberate malicious act that can include deleting files, erasing systems, etc.
Phishing: A “Social Engineering” attack wherein attackers will try to trick their victims into doing something like opening an email that injects malware into their computers or providing the attacker with sensitive information. Phishing attacks are prolific today because they exploit human gullibility.
- Spoofing – A popular form of phishing where an attacker pretends to be another trusted person or company to get the information or access they desire from their victims. This includes Business Email Compromise (BEC).
Internet of Things (IoT) Attacks – The Internet of Things refers to electronic devices of all kinds interconnected through the Internet: think smartphones, smart TVs, home security systems, automobiles and more. Attackers gain access to and control of these systems via unchanged hard-coded vendor passwords, phishing attacks and other kinds of network access compromises.
Application Attacks – Application software includes the programs on your computer used for spreadsheets, word processing, timesheets, project management tracking, web browsing and much more. Applications (particularly customer-accessible web apps) can be compromised via technical and procedural attacks, allowing malicious actors to steal data and credentials and run malicious scripts.