The Barkly Team
Aug 2018

SMBs Facing Increasingly Sophisticated Cyber Attacks

Malware attacks on small and midsize businesses are on the rise and getting more sophisticated. In the midst of this growing threat, IT pros are also battling stagnant budgets and the challenge of accurately identifying the most serious risks.

At Barkly, we're dedicated to helping every organization protect themselves from cyber attacks, regardless of their size or budget. For that reason, we're particularly interested in keeping close tabs on how changes to the threat landscape are impacting small and midsize businesses.

To find out, we recently conducted a survey of 100 IT and security professionals at SMBs and asked them what types of attacks and challenges they're experiencing firsthand. Here are some of the key findings. 

SMBs are seeing more attacks in 2018

57% of SMBs reported an increase in attack volume over the past 12 months.

According to our survey, nearly 6 out of 10 organizations have experienced an increase in attacks, and the majority expect that trend to carry through into 2019. 

Top 5 attacks that saw the biggest increase in frequency

Over the past twelve months, small and midsize businesses saw the biggest increases in the following types of attacks:

  1. Attacks abusing Microsoft Office programs
  2. Attacks installing cryptominers
  3. Ransomware attacks
  4. Attacks abusing other legitimate Windows applications (e.g., PowerShell)
  5. Attacks utilizing worming/lateral movement components

Top 5 perceived attack threats

When asked about which attack types they consider to be the most serious threat, respondents put the list in a different order:

  1. Ransomware attacks
  2. Attacks utilizing worming/lateral movement components
  3. Attacks abusing Microsoft Office programs
  4. Attacks installing cryptominers
  5. Attacks abusing other legitimate Windows applications (e.g., PowerShell)


These responses confirm something we've seen directly and that other security vendor research has confirmed: ransomware is no longer the most prevalent malware payload. Yet despite the fact that companies are currently more likely to see cryptominer infections than ransomware attacks, it's still the latter threat that has IT pros most concerned. That makes sense when you take into account the severity of the damage ransomware attacks can cause compared to the relatively small immediate impact of cryptominers draining off CPU.

What makes cryptominer infections deceptively more dangerous, however, is the fact that they rarely travel alone. In many cases they're deployed alongside other stealthy and more dangerous threats such as remote access trojans (RATs), credential stealers, and spyware.

While attacks utilizing worming/lateral movement components were #5 on the list of attacks with the biggest increase in frequency, IT pros are disproportionately concerned about them compared to the other attack types on the list, and for good reason: they create a situation where one errant click from an end user can quickly become a network-wide infection. We've seen a growing number of criminal operations adding worming components to their malware ever since last year's WannaCry outbreak, with the DBGer ransomware-as-a-service platform being one recent example.

The list also confirms another trend we've been seeing in 2018 — for all the innovations in attack tactics, when it comes to packaging, delivering, and deploying malware, Microsoft Office documents continue to be the primary, tried-and-true option. Thanks to their ubiquity and rich feature sets, Office programs will continue to be a target of abuse, and attackers will continue discovering new ways of exploiting their functionality (see the recent abuse of .iqy files). For that reason, we've put together a free guide all about Blocking Microsoft Office Attacks that reveals ways you can take the most-abused Office features and functionality off the table. 

The sophistication level of attacks is also on the rise

Two-thirds of SMBs report the cyber attacks they're seeing have become more sophisticated.

Not only are SMBs seeing attacks more frequently, two-thirds also report that the sophistication level of those attacks is increasing. Criminals are leveling up with a combination of new tactics and more advanced techniques designed to evade antivirus solutions, thanks in large part to the commodification of attack tools and frameworks.

Today, criminals have easy access to a wide array of plug-and-play options that allow them to piece together and launch fairly advanced malware campaigns, even if they don't have a great deal of technical expertise. Exploit builder kits like ThreadKit and ransomware-as-a-service platforms like GandCrab are well maintained and updated regularly as the latest exploits and attack techniques come to light. As a result, the time between the initial discovery of a new vulnerability or disclosure of new attack tradecraft and its widespread adoption downstream keeps shrinking.

For small and midsize organizations, that means they have less time than ever to become aware of new attack techniques and properly prepare for them. Unfortunately, survey responses also reveal IT and security pros typically aren't getting the support or prioritization they need to ensure they're keeping pace. 

Budgets are stagnant, even after infections take place

Only 36% of SMBs expect their security budget to increase in 2019.

Despite the uptick in attack volume and sophistication, only slightly more than a third of respondents expect their security budget to increase in 2019. 

The lack of new resources can make the situation particularly discouraging for the IT pros on the front lines who have to do the best they can with the resources they have while the situation continues to get more intense.

In some cases, budget can be shaken loose, but only after an infection turns the theoretical risk into a painful reality requiring remediation. What's disturbing, however, is that survey responses indicate only 20% of successful attacks result in changes to security strategies, solutions, or budgets. 

Getting approval and budget to make security changes can be difficult, especially at smaller companies where the pressure is to spend every dollar on generating more revenue. But as long as companies continue to underinvest, executives need to know they're playing an increasingly risky game. Dealing with cyber attacks is no longer a matter of if but when, and there's a much better business case to be made for prevention than for remediation.

To help IT pros make that business case, we've put together a new guide that provides the following:

  • Relevant statistics that explain why investing in security is the right business decision to make
  • Real-world attack examples to help bring those stats closer to home
  • An interactive calculator to help organizations put a dollar amount on their current risk
  • A list of questions IT and security pros should be ready to answer from executives
  • Sample slides to help build and deliver a successful presentation to stakeholders

Download the guide here.
