Saturday, December 2, 2023

Why SMEs Should Worry About Cybersecurity in 2022

Is cybersecurity for SMBs a major concern? 

Fortune reported that the world saw a 105% surge in ransomware attacks in 2021 alone.

With more and more businesses either moving online or utilizing the internet more heavily, there are more risks to businesses and their customers than ever.

Cybercrime Magazine reports that global cybercrime costs are expected to grow by 15% year over year, reaching $10.5 trillion by 2025, up from $3 trillion in 2015.

SME cybersecurity can no longer be ignored. Here’s why.

Data Breaches & Compromise

The news often reports and focuses on data breaches impacting major companies like Facebook, Amazon, and Google. But this doesn’t mean it’s any less of a concern for SME cybersecurity.

IBM found that the average cost of a data breach for SMBs with less than 500 employees was $2.98 million.

Here are just some of the possible ramifications of data breaches:

● The compromising of sensitive client data can result in fines, damages, and insurance claims

● A widespread breach can result in brand and reputation losses

● These and other factors can impact revenue negatively

Implementing sophisticated security solutions AppTrana for example is the primary way to address data breaches and cybersecurity for SMBs. If your infrastructures are insufficient, now would be a good time to address these concerns.

Business Email Compromise

Email is utilized heavily by most companies for internal and external – business and personal – communication alike. Cybercriminals know this tendency well and are liable to exploit this fact.

Business Email Compromise (BEC) is also known as Email Account Compromise (EAC), and the tactic utilizes legitimate-looking email messages from credible-looking sources, making them harder to spot.

Whether it’s a vendor sending an invoice from an updated email address, or an executive asking her assistant to purchase employee gift cards, BEC involves creating perfectly plausible-sounding scenarios to exploit the end-user and steal resources from the business.

The cost of a BEC attack is exceedingly high. Digital Guardian showed that the average cost of a wire transfer from a BEC attack rose from $54,000 in the first quarter of 2020 to $80,183 in the second quarter alone.

While there are many areas to address in cyber security for small businesses, BEC is a growing concern and expensive to resolve.

Payroll Diversion Phishing Scams

Payroll diversion scams could be considered a subset of business email compromise attacks since they typically utilize seemingly legitimate-looking emails. Ultimately, though, it’s a form of phishing.

Attackers will craft urgent-sounding email messages requesting changes to employee bank account information and sufficient data to impersonate said employee(s).

If the email subject line includes the keyword “urgent,” it may be a dead giveaway. But unless your entire organization is educated on cybersecurity threats for small businesses, it is too easy to fall for payroll diversion scams.

Comprehensive cybersecurity solutions for SMBs should include a rigorous training program.

Ransomware Attacks

While it’s easy to think ransomware attacks would not apply to your company, Metallic reports that 46% of SMBs have been victims of ransomware attacks. MSSP Alert has shown that 10% of victims end up paying the ransom demand.

Paying the ransom, however, isn’t a reliable long-term solution because:

  • It encourages cybercriminals to continue taking money from other businesses
  • Many companies who paid a high price to secure their data still weren’t able to retrieve it
  • Companies often end up losing data, money, reputation, and revenues

Why do Cyber Hackers go After Small Businesses?

This might seem like a mystery to SMEs, given that bigger companies typically have more resources to exploit. So, wouldn’t it make sense for cybercriminals to go after larger organizations instead of messing with smaller companies?

The truth is that small businesses typically do not have the same cybersecurity infrastructures that a larger company does. Big businesses often have more resources at their disposal, better IT talent, and more sophisticated software and approaches to mitigating incidents.

It stands to reason that you would be a better target for a hacker if you are more vulnerable to their attacks, even if you don’t have the resources a larger company might have. In some cases, hackers may only need to work half as hard to achieve the same degree of theft.

Even if you can’t afford what larger businesses can afford, SMBs would do well to invest in software, employee training, and a legal professional.


How is your company handling cybersecurity for SMBs? What is your overall strategy? Are you investing in security software? Are you educating your team on best practices and cyber security threats for small businesses? It’s easy to think it will never happen to you, but with internet usage increasing and hackers targeting more SMEs than ever, you can’t afford to be lackadaisical. While it might seem tedious and costly, protecting against possible threats ensures the longevity and success of your business.


Latest articles

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...
Vinugayathri is a Senior content writer of Indusface. She has been an avid reader & writer in the tech domain since 2015. She has been a strategist and analyst of upcoming tech trends and their impact on the Cybersecurity, IoT, and AI landscape. She is a content marketer simplifying technical anomalies for aspiring Entrepreneurs.

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles