Saturday, March 15, 2025
Why SMEs Should Worry About Cybersecurity in 2022

Is cybersecurity for SMBs a major concern? 

Fortune reported that the world saw a 105% surge in ransomware attacks in 2021 alone.

With more and more businesses either moving online or utilizing the internet more heavily, there are more risks to businesses and their customers than ever.

Cybercrime Magazine reports that global cybercrime costs are expected to grow by 15% year over year, reaching $10.5 trillion by 2025, up from $3 trillion in 2015.

SME cybersecurity can no longer be ignored. Here’s why.

Data Breaches & Compromise

The news often reports and focuses on data breaches impacting major companies like Facebook, Amazon, and Google. But this doesn’t mean it’s any less of a concern for SME cybersecurity.

IBM found that the average cost of a data breach for SMBs with fewer than 500 employees was $2.98 million.

Here are just some of the possible ramifications of data breaches:

● The compromising of sensitive client data can result in fines, damages, and insurance claims

● A widespread breach can result in brand and reputation losses

● These and other factors can impact revenue negatively

Implementing sophisticated security solutions, AppTrana for example, is the primary way to address data breaches and cybersecurity for SMBs. If your infrastructure is insufficient, now would be a good time to address these concerns.

Business Email Compromise

Most companies rely heavily on email for internal and external communication, both business and personal. Cybercriminals know this well and are liable to exploit it.

Business Email Compromise (BEC) is also known as Email Account Compromise (EAC), and the tactic utilizes legitimate-looking email messages from credible-looking sources, making them harder to spot.

Whether it’s a vendor sending an invoice from an updated email address, or an executive asking her assistant to purchase employee gift cards, BEC involves creating perfectly plausible-sounding scenarios to exploit the end-user and steal resources from the business.

The cost of a BEC attack is exceedingly high. Digital Guardian showed that the average cost of a wire transfer from a BEC attack rose from $54,000 in the first quarter of 2020 to $80,183 in the second quarter alone.

While there are many areas to address in cyber security for small businesses, BEC is a growing concern and expensive to resolve.

Payroll Diversion Phishing Scams

Payroll diversion scams could be considered a subset of business email compromise attacks since they typically utilize legitimate-looking emails. Ultimately, though, it’s a form of phishing.

Attackers craft urgent-sounding email messages requesting changes to employee bank account information, as well as enough data to impersonate the employee(s) in question.

If the email subject line includes the keyword “urgent,” it may be a dead giveaway. But unless your entire organization is educated on cybersecurity threats for small businesses, it is all too easy to fall for payroll diversion scams.

Comprehensive cybersecurity solutions for SMBs should include a rigorous training program.

Ransomware Attacks

While it’s easy to think ransomware attacks would not apply to your company, Metallic reports that 46% of SMBs have been victims of ransomware attacks. MSSP Alert has shown that 10% of victims end up paying the ransom demand.

Paying the ransom, however, isn’t a reliable long-term solution because:

  • It encourages cybercriminals to continue taking money from other businesses
  • Many companies that paid a high price to secure their data still weren’t able to retrieve it
  • Companies often end up losing data, money, reputation, and revenues

Why Do Cyber Hackers Go After Small Businesses?

This might seem like a mystery to SMEs, given that bigger companies typically have more resources to exploit. So, wouldn’t it make sense for cybercriminals to go after larger organizations instead of messing with smaller companies?

The truth is that small businesses typically do not have the same cybersecurity infrastructure that a larger company has. Big businesses often have more resources at their disposal, better IT talent, and more sophisticated software and approaches to mitigating incidents.

It stands to reason that you would be a better target for a hacker if you are more vulnerable to their attacks, even if you don’t have the resources a larger company might have. In some cases, hackers may only need to work half as hard to achieve the same degree of theft.

Even if you can’t afford what larger businesses can afford, SMBs would do well to invest in software, employee training, and a legal professional.

Conclusion

How is your company handling cybersecurity for SMBs? What is your overall strategy? Are you investing in security software? Are you educating your team on best practices and cyber security threats for small businesses? It’s easy to think it will never happen to you, but with internet usage increasing and hackers targeting more SMEs than ever, you can’t afford to be lackadaisical. While it might seem tedious and costly, protecting against possible threats ensures the longevity and success of your business.
