These statistics show more cyber attacks are hitting small businesses. They also explain how, why, and what we can do about it.
As if small business owners didn’t already have enough on their plates, recent data indicates that SMBs actually suffer the lion's share of malware infections. That may be surprising considering it's typically major corporate data breaches and huge ransomware pay days that dominate the headlines. But the numbers suggest there’s a whole host of smaller-scale attacks that are wreaking havoc on small businesses on a daily basis.
If you're a small business owner, or if you work with small businesses in an IT capacity, here's what you need to know.
It’s true — small businesses are actually big victims when it comes to cyber attacks. Not only do they suffer more malware infections, the frequency of attacks against SMBs appears to be on the rise, as well. According to the Ponemon Institute's 2017 State of Cybersecurity in Small & Medium-Sized Businesses report, the percentage of small businesses that have experienced a cyber attack in the past 12 months is up from 55% in 2016 to 61% in 2017.
One way to interpret those findings is to assume that cyber criminals are explicitly targeting small businesses, but it’s more likely that SMBs simply present more vulnerabilities. After all, it's giving most hackers too much credit to consider them sharpshooters. They tend to utilize opportunistic approaches and techniques that can be better described with terms like "spray and pray." For smaller companies, it’s often simply a matter of being caught in the line of fire without adequate protection.
That said, small business owners should be aware that their companies do represent worthwhile opportunities for hackers. While smaller companies may not have resources or data at the scale of enterprise-level organizations, they do have valuable business data (such as customer information that could be used in identity theft crimes) and can often provide access to larger companies via unprotected connections (ex: the massive Target data breach of 2013 was perpetrated by hacking a small HVAC company first).
Not only are small businesses being hit by hackers, the attacks are costing them a lot of hard-earned cash. In 2017, average malware-related costs for small and medium-sized businesses included $1,027,053 due to damage or theft of IT assets, and $1,207,965 due to disruption to normal business operations. Sobering, right?
In general, cybercrime is big business. It’s predicted that by 2021, cybercrime will cost the world $6 trillion annually. That’s double the $3 trillion tab cybercrime racked up in 2015. Ransomware damage costs alone are on track to hit $11.5 billion in 2019, at which point it’s estimated that a business will fall victim to a ransomware attack every 14 seconds.
These numbers can sometimes seem too big or abstract to translate into real-world terms, but the bottom line is they are built on thousands and thousands of very real attacks. Our next statistic helps paint a more detailed picture of how those attacks play out.
How do hackers gain access to small business networks in the first place? Not surprisingly, the number one tactic is email, or, more specifically, email attachments. According to the Symantec's 2018 Internet Security Threat Report, 88% of malicious emails use malware-laden attachments to ensnare their victims.
To put that in day-to-day terms, on average, each user at a small business (fewer than 250 employees) receives nine malicious emails per month. That means that if you have 10 employees, your company could be at risk of an email-borne malware infection an average of 90 times each month. To avoid infection, either your firewall or email filtering has to come through or your employees have to make the smart decision 90 out of 90 times. All it takes is one slip or one wrong click for your business to be compromised.
And, unfortunately, email isn't the only thing you have to worry about. While email is the starting point for a majority of attacks on small businesses, there are other points of entry that can be just as or even more effective.
Microsoft's Remote Desktop Protocol (RDP) is one example that continues to gain traction, especially in attacks on small businesses. The reason is many small businesses outsource their IT, and one of the most common remote management tools is RDP.
If you've ever had an IT person login to your computer and take over your keyboard and mouse to work on an issue, chances are they were using RDP.
RDP is an incredibly useful tool, but when left exposed to the Internet, it can be a beacon for attackers who can attempt to establish their own connection by cracking RDP passwords (what's known as a brute-force attack). RDP brute-force attacks have become especially popular ways of staging ransomware infections, with the groups behind SamSam, CrySiS, LockCrypt, Shade, and other ransomware variants all getting in on the act.
Email remains the most common method of getting a foot in the door. Once that initial access has been established, however, the techniques attackers use to evade security, deploy malware, and establish control over compromised computers are changing.
According to another recent Ponemon study, the majority (77%) of successful attacks in 2017 utilized exploits or other "fileless" techniques that were able to bypass the victims' security. Because these techniques replace the need for dropping malicious executable files on disk, traditional security solutions such as antivirus (AV) programs can't detect them. With no file to scan, there's unfortunately nothing AV can do (to learn more about fileless techniques, see our Hype-Free Guide to Fileless Attacks).
Thanks to their effectiveness, the Ponemon study estimates a third of all attacks in 2018 will make use of fileless techniques.
Ransomware also continues to be a growing concern for small businesses, with more than half of the organizations we surveyed for our 2017 Endpoint Security Risk Report experiencing one or more ransomware incidents in 2017. Of those organizations, 40 percent experienced multiple ransomware incidents.
Recent data indicates ransomware is no longer the most prevalent form of malware, however. That title now belongs to cryptominers — malware designed to hijack an infected system's resources in order to mine cryptocurrency without the victim's knowledge.
The growth of cryptomining malware is staggering. According to IBM, cryptomining attacks increased by 600% between January and August of 2017. Researchers at Checkpoint reported that cryptominers affected more than half (55%) of organizations globally in December 2017.
What makes this shift in payloads especially notable for small businesses is that cryptominers are a completely different threat than ransomware. Organizations that responded to ransomware infections by investing in backup were smart to do so, but now they face a threat designed to infect them just as effectively while quietly draining their resources and bogging down their systems over time. Small businesses need to adapt their security efforts accordingly, and make sure they’re properly equipped to address infections that aren’t as blatant as ransomware.
To prevent these silent attacks from taking hold, organizations need to prioritize preventative measures like replacing legacy antivirus solutions with stronger, more modern endpoint protection, instead.
Because of these new realities, small businesses are getting serious about upgrading their protection. The number one priority for companies is making sure they have advanced malware protection and prevention in place. This is a smart move given that only 21% of small and medium-sized businesses rate their ability to mitigate cyber risks, vulnerabilities, and attacks as highly effective. 81% of SMBs report that exploits and malware have evaded their antivirus solutions.
While malware and the techniques cyber criminals use to inflict it on their victims continues to evolve, you’ll be glad to know that the good guys have been keeping pace with sophisticated developments of their own.
Companies no longer need to rely solely on traditional AV solutions with well-documented gaps.
The new breed of endpoint security solutions, like Barkly, leverage machine learning and greater system visibility to block even today's most advanced attacks before any damage can be done. Better yet, Barkly is specifically designed to meet the operational and administrative needs of small and mid-sized companies. It's a solution that has all the power without any of the unnecessary complexity found in other endpoint protection solutions. You can even manage it and intuitively respond to alerts right from your phone.
Find out what others are saying about Barkly. See the latest review in SC Magazine or check out customer reviews on Gartner Peer Insights. You can also learn how Barkly is helping one Director of Technology stay ahead of evolving threats and get more time back in his day in the video below.
Get the latest security news, tips, and trends straight to your inbox.
Get the latest security news, tips, and trends straight to your inbox.