Small Businesses Are More Frequent Targets Of Cyberattacks Than Larger Companies: New Report

Originally posted on Forbes

 

When it comes to avoiding cyberattacks, bigger is apparently better. At least that’s according to a new report that shows small businesses are three times more likely to be targeted by cybercriminals than larger companies.

 

Between January 2021 and December 2021, researchers at cloud security company Barracuda Networks analyzed millions of emails across thousands of companies. They found that, on average, an employee of a small business with less than 100 employees will experience 350% more social engineering attacks than an employee of a larger enterprise.

 

CEOs And CFOs Are Attractive Targets

Some people who work at small businesses are more at risk of being attacked than others.

 

According to the report, “Hackers target high-value accounts for takeover. Accounts of CEOs and CFOs are almost twice as likely to be taken over compared to average employees. Once they have access, cybercriminals use these high-value accounts to gather intelligence or launch attacks within an organization.

 

“Executive assistants are also a popular target as they often have access to executive accounts and calendars and usually can send messages out on behalf of executive teams.”

 

A Surprising Survey Result

Barracuda Networks said their report examined current trends in “spear-phishing, which businesses are most likely to be targeted, the new tricks attackers are using to sneak past victims’ defenses, and the number of accounts that are being compromised successfully.”

 

Mike Flouton, the company’s vice president of product management, said the most surprising survey finding was that one in five organizations have had at least one account compromised in 2021.

 

“Breaking this down further, this translates into almost half a million Microsoft 365 accounts [that weere]compromised—that’s a lot of real estate for hackers to launch their attacks and spread laterally within organizations,” he observed.

“This also highlights how many organizations can be vulnerable without a right set of protection tools. Once inside, it can be especially difficult to detect an intruder until it’s too late and they have already acted,” Flouton said.

 

Advice For Business Leaders Review

Flouton counseled, “Above anything else, organizations need to review how they protect their emails and their users.

 

Supplement Technology

“Hackers no longer rely solely on ‘traditional’ threats such as spam or malware, therefore traditional email filtering technology is no longer sufficient to prevent modern-day attacks. It needs to be supplemented with machine learning security to protect against all email threat types,” he said.

Flouton recommended that, "In addition to having threat prevention capabilities, it must also have the ability to detect and respond to threats post-delivery.”

This includes detecting the takeover of accounts, training end-users to recognize and report suspicious messages, “and the ability to automate response to these threats so they can be eliminated before they can cause damage,” he concluded.

 

Challenges And Realities

To put the cyberattacks on small businesses in perspective, it is important to remember the challenges and realities they are dealing with..

 

A Spike In Cyberattacks

In February, Tech Republic noted that the Covid pandemic has led to a spike in the number of cyberattacks from hacker groups. “According to BlackBerry, there was a 600% increase in cybercrimes due to the pandemic, and a whopping 667 million new malware detections were discovered worldwide during 2020.

“The report estimates that four million additional cybersecurity experts are needed globally to help mitigate the large number of digital attacks, and one million daily security alerts are seen in 25% of security operations centers.”

 

Fewer Resources

“Small businesses often have fewer resources and lack security expertise, which leaves them more vulnerable to spear-phishing attacks, and cybercriminals are taking advantage,” said Don MacLennan, Barracuda’s senior vice president of engineering and product management email protection.

“That’s why it’s important for businesses of all sizes not to overlook investing in security, both technology and user education. The damage caused by a breach or a compromised account can be even more costly,” he observed.

Exposure To New Ransomware Attacks

 

USA Today warned that, “As Russian military forces escalate attacks in Ukraine, the United States is bracing for another kind of invasion closer to home.’

“Small businesses are most vulnerable to the expected wave of ransomware attacks. Cybersecurity professionals are urging them to take immediate steps to defend themselves.”

“Most small businesses are the perfect target for ransomware hackers,” said Corey White, CEO of security firm Cyvatar.

 

Weak Points

Inc. reported in January that a study from cybersecurity platform provider CyberCatch found that “more than 30% of U.S. small businesses have weak points that bad actors can exploit. Moreover, fraudsters tend to set their sights on small businesses since smaller companies usually have weaker security safeguards in place compared with those at larger companies.”

 

Let's Talk

Back to Blog