Under Siege: The Threat to SMB Cybersecurity


Every day, businesses around the world, including US small-to-medium size businesses (SMBs), are under attack from dark forces. Criminal enterprises and hackers, disgruntled individuals, “hacktivists,” and foreign political and business adversaries are all hard at work attempting to break into computer systems to steal data, disrupt continuity, and to use systems to attack other systems.

Cybersecurity is front and center as a global security concern, and for a good reason. Businesses, both large and small, are threatened by a variety of bad actors, but it’s SMB that are the most attractive marks for malevolent cyber actors. That’s because, according to the Small Business & Entrepreneurship Council, SMBs account for almost half of the US Gross Domestic Product (GDP) and account for close to 100 percent of all import and export business. For those with evil intent, many SMBs are especially vulnerable. They lack the resources and the commitment to robustly protect the systems that keep their businesses operating and guard their most valuable asset – corporate, employee, and customer data.


The most popular threat vectors to SMBs include:

  • Email scams
  • Ransomware
  • Phishing (obtaining sensitive data under pretense)
  • Social engineering (manipulating individuals to give up information)
  • Denial-of-service

Among the top SMB cybersecurity concerns are targeted phishing attacks against employees, advanced persistent threats, ransomware, denial-of-service attacks, and the proliferation of vulnerable bring-your-own-device (BYOD) work environments. Phishing/social engineering was the root cause of 79 percent of successful ransomware attacks.


And these businesses are not just worried about a little disruption and inconvenience – they can be easily put out of business when their IT ecosystems and data are compromised. That’s because 54 percent of all cyber-attacks cause financial damages exceeding $500,000, according to the Cisco SMB cybersecurity report. That price tag, along with a damaged reputation and broken trust, is hard to survive.

According to a recent study by independent privacy and security intelligence advisor Ponemon Institute, 61 percent of SMBs reported some kind of cyber-attack or data breach last year, up 6 percent from 2017. Fifty-four percent reported a data breach in 2018, up 4 percent from 2017, when half of all SMBs surveyed said their data files had been compromised in some way. In their study, The State of Cybersecurity in Small and Medium-Sized Businesses, Ponemon reported that more than half of all respondents experienced either successful or unsuccessful ransomware attacks, while only 21 percent of the firms in the study rated their ability to mitigate cyber-risks, vulnerabilities, and attacks as highly effective.

More SMBs are now experiencing situations in which exploits and malware have evaded their intrusion detection system and anti-virus solutions, which failed a whopping 81 percent of survey respondents. In fact, malware of all types is a major and growing problem, according to Cisco’s 2018 SMB Cybersecurity Report, which found that 53 percent of mid-market companies in 26 countries experienced a breach caused by malware.

This particularly insidious threat vector is becoming more difficult to identify because cyber-attackers are getting more adept at developing delivery software that can evade traditional detection and employ more sophisticated malware. Fortunately, there are specific actions organizations can take internally to combat cyber-threats, and with the help of external cyber defense forces, develop a robust defense posture to protect their businesses and data from exposure and intrusion.

Are you interested in how GuardSight can help you combat cyber-threats? Are you interested in how GuardSight can help improve your cybersecurity posture to protect your businesses and data from exposure and intrusion?Contact us for a free consultation.


Comments are closed.