According to Verizon’s analysis of more than 16,000 incidents, it has been revealed that small and medium-sized businesses (SMBs) are often the targets of cyberattacks. This is understandable considering that in the US and UK, SMBs comprise over 99% of businesses, the majority of private sector jobs, and around half of earnings. However, for IT and business leaders at smaller organizations, the challenge lies in how to effectively manage cyber-risk mitigation with limited resources.
The recent ESET SMB Digital Security Sentiment Report found that 69% of SMBs reported a breach or a strong indication of one in the past 12 months, highlighting the need for urgent action. With this in mind, the focus should be on effectively prioritizing where resources are directed. To do this, hard data is necessary to understand where attackers are focusing their efforts, who they are, and how successful they are.
One of the most rigorous analyses of the threat landscape is the annual Verizon Data Breach Investigations Report (DBIR). The latest edition of the DBIR is based on the analysis of 16,312 incidents, with around a third, or 5,199, confirmed as data breaches. One of the benefits of this long-running series is that readers can compare current trends against historical patterns. The 2023 DBIR offers valuable insights for SMBs to enhance their security strategy.
The report reveals that despite their differences, SMBs and larger organizations are becoming more alike. They are increasingly using the same infrastructure and services, such as cloud-based software, which means their attack surfaces share more similarities than ever before. The report’s authors admit that there is little difference based on organizational size when it comes to factors like threat actor types, motivations, and attack patterns. System intrusion, social engineering, and basic web application attacks account for 92% of SMB breaches today, compared to 85% in large firms. Additionally, 94% of threat actors are external in SMB attacks, compared to 89% in larger organizations, and 98% of breaches are financially motivated.
The report also highlights that external attackers pose the biggest threat, accounting for 83% of breaches overall and 94% in SMB attacks. Internal actors are responsible for only 19% of overall breaches and 7% in SMBs. Interestingly, a combination of internal, external, and partners working in collusion accounted for 2% of SMB breaches, emphasizing the minimal insider risk for smaller firms.
Financial motivation is the driving force behind the vast majority (95%) of breaches overall, increasing to 98% for SMB attacks. This indicates that organized crime is the top threat to small firms, with espionage accounting for just 1% of SMB breaches.
The report also reveals that humans are the weakest link in cybersecurity. Stolen credentials, followed by phishing and exploitation of vulnerabilities, are the main means of entry into victim networks. Humans play a role in 74% of breaches, highlighting the need for improved employee cyber-awareness.
Another striking finding is that the volume of “pretexting” cases, which Verizon says is comparable to Business Email Compromise (BEC), has doubled across all incidents since the previous DBIR. Pretexting has become a bigger threat than phishing, although the latter is still more prevalent in actual data breaches. BEC involves tricking the victim into wiring large sums of money to an attacker-controlled bank account. The increase in BEC cases further emphasizes the importance of the human factor in cyberattacks.
Ransomware remains a top threat, with double extortion tactics leading to it being present in a quarter (24%) of breaches. The median costs of ransomware attacks have more than doubled annually and now stand at $26,000.
The top three attack patterns for SMB breaches are system intrusion, social engineering, and basic web application attacks. Together, they represent 92% of breaches.
To enhance cybersecurity, SMBs can take several best practice controls. These include implementing security awareness and training programs, establishing data recovery processes for ransomware attacks, managing access control through processes and tools like multi-factor authentication, having an incident response management system in place, focusing on application software security, conducting penetration testing, implementing vulnerability management, and considering endpoint detection and response (EDR), extended detection and response (XDR), or managed detection and response (MDR) solutions.
While this list is not comprehensive, it provides a starting point for SMBs to enhance their cybersecurity strategies. It is essential for SMBs to prioritize their resources wisely and take proactive measures to protect themselves from cyber threats. By understanding the evolving data breach landscape and implementing effective cybersecurity measures, SMBs can mitigate the risks they face in an increasingly digital world.