Cybercrime often makes headlines when big corporations are hit, but the truth is, small and medium-sized businesses (SMBs) are more often in the crosshairs. These businesses, which the Small Business Administration defines as those with 500 or fewer employees, are the backbone of the U.S. economy.
Unfortunately, SMBs are facing a growing threat from cyberattacks, which can have devastating financial impacts. In fact, 73% of SMBs experienced a cyber incident in the past year, highlighting just how vulnerable they are – especially since they often have fewer resources to fend off and recover from these attacks.
So, why are cyber attackers so intent on targeting small and medium-sized businesses (SMBs)?
Our Global Threat Intelligence Center’s annual report highlights just how real this threat is for SMBs in 2024. Over 50% of ransomware victims have fewer than 200 employees, and two-thirds have fewer than 500. So, what makes smaller businesses with lower revenues such attractive targets for criminals? Let’s dive into this issue and explore practical ways to protect these businesses.
Small businesses offer criminals more than ransom opportunities
Despite their size, small businesses often possess significant amounts of valuable customer data. In fact, 87% of small businesses hold customer financial data and personally identifiable information (PII), making them prime targets for cybercriminals who sell this data on the dark web, steal identities and commit other types of fraud. For example, SMBs like hotels, medical practices and retail business store customer data in CRM and POS systems. With only 17% of small businesses encrypting their data, cybercriminals can easily exploit any access they gain. Additionally, as more business tools transition to fully cloud-based, software-as-a-service systems, new vulnerabilities emerge for businesses without a strong cybersecurity infrastructure.
SMBs and third-party vulnerabilities
Small businesses often play important roles in strategic partnerships and supply chains, linking with various other businesses. Cybercriminals see them as vulnerable entry points to access larger networks, viewing them as weak links to exploit in reaching bigger targets.
A prime incident from 2023 involved a ransomware group that exploited MOVEit file transfer software, exposing 93 million individual records. This incident serves as a cautionary tale. Although the attack originated from a zero-day vulnerability and was technically a data breach, it quickly spread like a virus, affecting over 2,600 downstream organizations. MOVEit’s cloud and on-premises environments were compromised. Some companies were not directly exposed by the MOVEit tool but were affected through third-party vendors using it. Threats can propagate downstream, upstream and laterally.
Moving cybersecurity up on business priority lists
Small business leaders, especially those in early-stage companies, are understandably focused on essential functions like payroll, marketing, and day-to-day operations. However, it’s encouraging to see that more small and medium-sized business owners are recognizing a crucial reality: we live and work in a digitized, interconnected world. Even those industries which are traditionally manual or physical have become computerized. Construction contractors use software to obtain bonds and manage projects and procurement. Plastics manufacturers use software vendors for raw materials pricing and market research.
As businesses move money faster and increase efficiencies, they become more interconnected. Despite this, 59% of small business owners believe their business is too small to be targeted, leading to complacency - something cybercriminals are well aware of. Cybersecurity should not be treated as a luxury add-on; data and systems security should gain equal footing with physical security.
They know SMBs are not on top of cybersecurity
Cybercriminals often view small businesses as easier targets due to their lack of dedicated IT staff and cybersecurity expertise. SMB leaders have a lot to contend with these days, from inflation and interest rates to employee benefits and supply chain issues – a data breach could undermine it all. Many business owners overlook the costs associated with recovering from an attack and restoring operations.
In recent years, the rise of AI and machine learning has accelerated automation, including in cybersecurity technology. This advancement has made robust and affordable cybersecurity accessible to small businesses, even those without technical expertise. Among these advancements is our threat intelligence, which stands out for its ability to protect against sophisticated attacks. Take MOVEit for example. By identifying known indicators of compromise (IOCs) and enabling early detection and proactive defense, our threat intelligence can effectively guard against such threats. This capability is especially important for SMBs, which can face significant risks from cyber threats due to their often-leaner security setups. For more on how threat intelligence can enhance SMB security, read our previous article.
Security backstop for the human element
Employees at small businesses often lack sufficient training in cybersecurity practices, making them vulnerable to threats such as phishing and social engineering attacks. Employee training is paramount. The National Cybersecurity Alliance’s 2023 report found that 94% of respondents changed their behavior after attending cybersecurity training, yet many business still do not provide such awareness programs.
While human error is inevitable, small businesses should use a defense-in-depth approach with multiple failsafe measures. For example, if a personalized spear phishing attack gets past the first layer of protection, Samurai XDR adds another layer by detecting the threat and automatically responding, helping to reduce the potential impact. You can learn more about this in our article, “Why you need XDR despite effective security controls.”
With the proliferation of generative AI and large language model tools like ChatGPT, new threats have emerged. In fact, while businesses leverage these tools for customer service and productivity, hackers are using them to enhance their tactics. XDR is designed to keep pace with these emerging threats.
A cyberattack on a small business can be catastrophic. Samurai XDR addresses critical gaps that traditional security solutions miss or fail to protect against. It detects the subtle movements of bad actors within the environment that often evade traditional security measures. Given the persistent nature of security threats, our defense must be equal, if not more persistent. XDR does just that.
About the Author:
Greg Garten is the Chief Technology Officer of NTT Security Holdings and Samurai XDR, with 25 years of experience ranging from telco/carrier to advanced technology startup environments, focusing on the creation and delivery of global managed services. Greg has been with NTT for over 10 years, focusing on the engineering and product development of their cybersecurity platforms, products, and services. Greg has also held various engineering and executive roles at companies such as Intuit, Cisco, Silver Lake Sumeru, Exodus Communication, Cybera, and several overseas technology startups and multinational technology companies. He is an active Member IEEE, ISC2, and ISSA.
3 Takeaways:
Small businesses are increasingly targeted by cybercriminals: Cybercriminals view them as weak links in the supply chain and often have less sophisticated security measures in place.
The consequences of cyberattacks on small businesses can be devastating: The long-term costs of data breaches, reputational damage, and business disruption can be catastrophic for small businesses.
Proactive cybersecurity measures are essential for small businesses: Investing in cybersecurity technologies, employee training, and threat intelligence can significantly reduce the risk of a successful cyberattack.
Bibliography:
Featured articles
The Importance of XDR for Regulatory Compliance
5 September 2024 | XDR
The SEC's 2024 cybersecurity disclosure rules mandate public companies to disclose incidents and detail their risk management strategies. Even non-public...
Samurai Threat Intelligence - what is it and how our customers get value
5 September 2024 | Threat Intelligence
Threat intelligence is a critical component of any cybersecurity approach, it assists in identifying and tackling existing and new waves...
Integrating Microsoft Sentinel with Samurai XDR for Enhanced Threat Detection
3 September 2024 | Cybersecurity 101
Microsoft Sentinel, a cloud-native SIEM platform, offers robust security analytics and integration with Azure, but its complexity can be challenging...