When it comes to avoiding cyberattacks, bigger is apparently better. At least that’s according to a new report that shows small businesses are three times more likely to be targeted by cyber criminals than larger companies.
Between January 2021 and December 2021, researchers at cloud security company Barracuda Networks analyzed millions of emails across thousands of companies. They found that, on average, an employee of a small business with less than 100 employees will experience 350% more social engineering attacks than an employee of a larger enterprise.
CEOs And CFOs Are Attractive Targets
Some people who work at small businesses are more at risk for being attacked than others.
According to the report, “Hackers target high-value accounts for takeover. Accounts of CEOs and CFOs are almost twice as likely to be taken over compared to average employees. Once they have access, cybercriminals use these high-value accounts to gather intelligence or launch attacks within an organization.
“Executive assistants are also a popular target as they often have access to executive accounts and calendars and usually can send messages out on behalf of executive teams.”
A Surprising Survey Result
MORE FOR YOU
Barracuda Networks said their report examined current trends in “spear-phishing, which businesses are most likely to be targeted, the new tricks attackers are using to sneak past victims’ defenses, and the number of accounts that are being compromised successfully.”
Mike Flouton, the company’s vice president of product management, said the most surprising survey finding was that one in five organizations have had at least one account compromised in 2021.
“Breaking this down further, this translates into almost half a million Microsoft 365 accounts [that weere]compromised—that’s a lot of real estate for hackers to launch their attacks and spread laterally within organizations,” he observed.
“This also highlights how many organizations can be vulnerable without a right set of protection tools. Once inside, it can be especially difficult to detect an intruder until it’s too late and they have already acted,” Flouton said.
Advice For Business Leaders
Flouton counseled that, “Above anything else, organizations need to review how they protect their emails and their users.
“Hackers no longer rely solely on ‘traditional’ threats such as spam or malware, therefore traditional email filtering technology is no longer sufficient to prevent modern day attacks. It needs to be supplemented with machine learning security to protect against all email threat types,” he said.
Flouton recommended that,“In addition to having threat prevention capabilities, it must also have the ability to detect and respond to threats post-delivery.”
This includes detecting the takeover of accounts, training end-users to recognize and report suspicious messages, “and the ability to automate response to these threats so they can be eliminated before they can cause damage,” he concluded.
Challenges And Realities
To put the cyberattacks on small businesses in perspective, it is important to remember the challenges and realities they are dealing with..
A Spike In Cyberattacks
In February, Tech Republic noted that the Covid pandemic has led to a spike in the number of cyberattacks from hacker groups. “According to BlackBerry, there was a 600% increase in cybercrimes due to the pandemic, and a whopping 667 million new malware detections were discovered worldwide during 2020.
“The report estimates that four million additional cybersecurity experts are needed globally to help mitigate the large number of digital attacks, and one million daily security alerts are seen in 25% of security operations centers.”
“Small businesses often have fewer resources and lack security expertise, which leaves them more vulnerable to spear-phishing attacks, and cyber criminals are taking advantage,” said Don MacLennan, Barracuda’s senior vice president of engineering and product management email protection.
“That’s why it’s important for businesses of all sizes not to overlook investing in security, both technology and user education. The damage caused by a breach or a compromised account can be even more costly,” he observed.
Exposure To New Ransomware Attacks
USA Today warned that, “As Russian military forces escalate attacks in Ukraine, the United States is bracing for another kind of invasion closer to home.’
“Small businesses are most vulnerable to the expected wave of ransomware attacks. Cybersecurity professionals are urging them to take immediate steps to defend themselves.”
“Most small businesses are the perfect target for ransomware hackers,” said Corey White, CEO of security firm Cyvatar.
Inc. reported in January that a study from cybersecurity platform provider CyberCatch found that “more than 30% of U.S. small businesses have weak points that bad actors can exploit. Moreover, fraudsters tend to set their sights on small businesses since smaller companies usually have weaker security safeguards in place compared with those at larger companies.”