Should SMBs deal with cyberattacks the same way as large enterprises?

Organizations around the world continue to face increasing cyberattacks, especially when more businesses are digitalizing their operations and services than ever before. While large enterprises can afford to have multiple layers of protection, small and medium businesses (SMBs) often only focus on securing the most important data in their company.

In the past year, some of the biggest ransomware cyberattacks targeted large US corporations like fuel company Colonial Pipeline, meat supplier JBS, and managed services provider (MSP) Kaseya. With a larger cachet of funds available to them, many of these cyberattacks were sorted with some ransom being paid to cybercriminals.

Despite the perception that they are too small to target, SMBs are increasingly vulnerable due to supply chain attacks and greater use of automation by ransomware groups. According to Acronis Cyberthreats Report Mid year 2021, SMBs are at particular risk, based on the attack trends seen during the first six months of the year.

The report revealed that during the first half of 2021, 4 out of 5 organizations experienced a cyberattack originating from a vulnerability in their third-party vendor ecosystem. That’s at a time when the average cost of a data breach rose to around $3.56 million, with the average ransomware payment jumping 33% to more than US$ 100,000.

For a large enterprise, the amount is more of a financial hit. However for SMBs, such an amount might sound the death-knell for them, which Acronis believes is a major concern for the second half of 2021. “While the increase in attacks affects organizations of all sizes, something that’s under-reported in the coverage of current cyberthreat trends is the impact on the small business community,” explained Candid Wüest, Acronis VP of Cyber Protection Research.

“Unlike larger corporations, small and medium-sized companies don’t have the money, resources, or staffing expertise needed to counter today’s threats. That’s why they turn to IT service providers – but if those service providers are compromised, those SMBs are at the mercy of the attackers.”

US SMBs targeted the most

The country with the most malware detections in the first half of 2021 was the United States with 26.1% in June, followed by Germany with 12.6%, and the United Kingdom with 5.4%. Ransomware-as-a-service continues to see new variants emerge, acting as redistributors of already established threats. This leads to an even wider distribution of pervasive ransomware threats.

Data from Statista showed that from April to May 2021, there was a global increase of 16.4% of blocked ransomware attacks, followed by a decrease of 9.6% in June. The reasons behind such fluctuations vary. On one hand, cybercriminals often operate in waves. On the other hand, some attacks are blocked earlier in the chain, so the final ransomware is never downloaded and therefore not counted in this graph.

As SMBs rely heavily on MSPs, any supply chain attack against an MSP would affect both the MSP business and all its clients. This was clearly seen during the Kaseya attack in which most of their SMB clients could not access their data and operations. A successful attack on an MSP would mean a breach that can eventually affect thousands of SMBs.

Apart from ransomware, SMBs have also had to deal with rampant phishing attacks in the first half of 2021. Using social engineering techniques to trick unwary users into clicking malicious attachments or links, phishing emails rose 62% between Q1 and Q2 2021. That spike is of particular concern since 94% of malware is delivered by email.

At the same time, two-thirds of remote workers now use work devices for personal tasks and use personal home devices for business activities. As a result, attackers have been actively probing remote workers, with a 300% increase in brute-force attacks against remote machines via remote desktop protocol reported.

While enterprises may be able to recover from cyberattacks over time, the situation may not be same for SMBs. Having adequate cybersecurity is not only key in protecting their business but also ensuring their operation is able to survive should they ever face a cyberattack. MSPs offer protection, but SMBs also need to be sure they have sufficient backup and recovery at hand.