Why are SMBs Under Threat?

AnubisNetworks By AnubisNetworks • November 6, 2020

With such big targets like large and well-established companies, cybercriminals have no reason to attack small and mid-sized businesses, right? Wrong. The truth is that the more unprepared companies are, even if profits seem fewer, the better they will suit opportunistic criminals.

Big corporations are understandably obvious targets for hackers and other cybercriminals. They are notable, deal with considerable sums of money, and have a large workforce often stationed all over the world. With such great targets, small to medium-sized businesses have nothing to worry about, right? Wrong.

Recent studies have shown that SMBs are more often than not a real target of cyberattacks. For some businesses, one attack is enough to shut down entirely because, according to the US National Cyber Security Alliance, 60% of SMBs fail in a couple of months following a cyberattack. This statistic paints a sobering picture and urges SMBs to consider making cybersecurity a priority.

Why Are Cybercriminals Targeting SMBs?

To put it simply, it’s easy money, for several reasons:

  • The smaller the business, the less likely it is to have an adequate cyber defense.  Smaller companies often lack such measures like strong security policies and cybersecurity educational programs, and lack cybersecurity software, for their communication mediums, such as website, email, and mobile phone. This means that attackers can open their book of the most commons vulnerabilities, such as poorly trained personnel, weak passwords, and dated applications, and start  planning their attack.
  • Less people may sound easier to control, but it is also easier to track down (especially resorting to social media) if you plan a direct attack using social engineering (email phishing or BEC, for example)
  • SMBs need and want to grow, so they're open to new customers and new partner and business opportunities in a more relaxed way that bureaucratic large companies. Some cyber attackers specialize in hacking specific business types of industries, polishing their expertise with every new attack. 
Email - A Key Entry Point for Cybercriminals

If you're a small business owner or manage an IT department at SMBs, it's crucial to know that the number one tactic used to target SMBs is email. 

SMBs employees remain the main and most prominent target for hackers. Phishing is one of the usual ways that cybercriminals target SMBs. The goal of such a cyberattack is to tempt employees to click a link and open an attachment, which will lead them to a fraudulent website where they will be robbed of confidential information, such as login credentials, or where they will infect their computers with malware.

Hackers also use email to take control of business accounts, which is known as corporate account takeover. This type of attack is accomplished through malicious email hyperlinks that lead users to phoney websites where they type in their login credentials. Hackers can then use this info to compromise the company's internal documents and processes, sensitive data, or financials. Add the fact that people often use the same password for multiple accounts, which creates another problem since hackers can also use the stolen credentials to get into their other personal accounts.

How Can SMBs Protect Themselves?

SMBs can start by following these steps:

  • They should conduct a safety audit of their information technology to discover all the vulnerabilities and ensure that they have a backup system in place for their data
  • They should use multi-factor authentication
  • They should train their employees and have regular phishing simulations
  • They should own a reliable email security system.

Remember that due to their limited infrastructure and resources, SMBs often make inviting targets for cybercriminals. Unfortunately, many SMB owners think their size means their businesses will not be targeted. To be precise, 51% of SMB leaders don't see their business as vulnerable to cybercrime, which leads them to neglect their cybersecurity infrastructure.

New call-to-action