According to a recent benchmark survey, more than 50% of all cyber attacks result in financial damages of more than $500,000
Which could include lost revenue, lost customers, lost opportunities, and out-of-pocket expenses. This level of damage is enough to put many small and medium-sized businesses out of operation permanently.
Cyber attackers are increasingly focusing their attention on SMB businesses as they see them as a soft target with less sophisticated cybersecurity protection and a lack of in-house skills to defend from attacks. In addition, SMBs are oftentimes targeted as a route to initiate attacks on the more lucrative larger enterprise business where they expect to get access to a potential treasure trove of data. Exploiting the less sophisticated defences of SMBs is often an easier option than the more sophisticated and greater resources that may face attackers of enterprise businesses.
Another unsurprising statistic taken from business surveys stated that more 50% of businesses would become unprofitable within a month of if they lost access to essential data.
Downtime after an attack was also a major issue, 40% of businesses that experienced a cyber attack experienced downtime of more than 8 hours and the attack took down more than half their systems. Because of the interconnected nature of SMB networks, an attack on one system can quickly spread throughout the business and impact other systems.
SMB organisations worry most about these 3 things
- A well-crafted phishing attack targeting an individual
- Advanced persistent threats such as unknown malware
There were many other concerns that ranked closely behind the ones highlighted. These included cloud computing, proliferation of mobile devices, insider data exfiltration and compliance constraints to name a few.
SMBs that experience a Ransomware oftentimes pay the ransom because they typically do not have the expertise to recover the data and are also unable to operate their business without access to data for a sustained period of time.
A new and fast-growing threat is crypto mining, where attackers drop malware on endpoints and use their resources for crypto mining which can be lucrative as well as largely untraceable. There is also less likelihood of a criminal prosecution if they are caught.
The threat of insiders though relatively small is quite significant and needs growing attention. The survey found that approximately 0.5% of users posed an inside threat. As businesses move towards cloud computing, the potential for losing valuable intellectual property increases dramatically because SMBs are not as savvy about implementing cloud security as their large enterprise cousins. The proliferation of cloud has seen security Data Centre systems reworked into a cloud platform but with very little thought about security. There is also a misunderstanding about where security responsibility lies for cloud data in terms of what the service and the customer is responsible.
Our next blog will provide more insights into SMB security challenges and what the could be doing to overcome them. In the meantime check out 10 Ways To Secure Your Business From Cyber Attacks