If there is one thing that we learned about SMB cybersecurity last year, it is that cybercriminals have found a sweet spot. Attackers are continuing to pounce on businesses that sometimes lack the resources to maintain a robust security posture.
But, amidst all the news about how small and medium-sized businesses are getting hit by cyberattacks, there is a sliver of SMB cybersecurity good news.
The SMB mindset of “that’s never going to happen to me,” is beginning to fade.
Why?
According to a Ponemon Institute report, in the fiscal year 2019, 66% of SMBs have experienced a cyberattack and 63% experienced a data breach. This in turn has led to 75% of SMBs now agreeing that there should be more emphasis placed on security in their organization.
And with SMBs working on beefing up their cybersecurity investments, here are some key trends to watch out for:
No business is too small for ransomware
Ransomware is becoming a very expensive problem for SMBs. Ransomware doesn’t just hold your data hostage, but also results in business downtime which results in lost profits. With cybercriminals going after businesses that can’t afford to shut down or don’t have proper backups in place, expect ransomware attacks to be more targeted and better implemented in 2020. And studies show, SMBs which tend to spend less on information security were at a higher risk of being hit by ransomware than their larger counterparts. Also watch out for new ransomware strains that can bypass traditional security solutions.
Spear phishing attacks are getting craftier
Spear phishing has become the attack method of choice for hackers to extract sensitive information and money from businesses. It is a type of phishing campaign where cybercriminals send malicious emails to specific and well-researched targets while pretending to be a trusted sender. These campaigns are so well-crafted that they can easily dupe even your most security-savvy users and trick them into downloading malware or divulging sensitive information. As these attacks become more damaging and prolific – according to Microsoft data the percentage of inbound phishing emails climbed from 0.31% in September 2018 to 0.62% in September 2019 – start investing in robust email security solutions to protect against these threats.
Investing in security awareness training is paying off
Employees are your first line of defense when it comes to network security. Providing them with security awareness training on a regular basis ensures that they are up to date on the latest threats and techniques used by cybercriminals. Such trainings are effective in preventing data breaches and downtimes: Webroot research found security awareness training combined with phishing simulations cut clicks on phishing links by 70%, when delivered with regularity. But with cyberthreats constantly evolving, it is important these trainings keep pace with those changes and incorporate them in their simulations and training topics.
Leveraging threat intelligence can augment SMB cybersecurity
Threat intelligence isn’t just for enterprises. You can leverage threat intelligence to identify the most exploited vulnerabilities and the threats SMBs are most likely to face. This will help guide your cybersecurity strategy, prioritize your cybersecurity efforts and make investment decisions accordingly. Threat intelligence can also extract key indicators-of-compromise that can help reduce the time in identifying and containing a breach.
Cyber resilience is more than a buzzword
Industry experts are already talking about how being cyber resilient can improve your organization’s overall cybersecurity posture. With cyberattacks battering SMBs, being cyber resilient ensures businesses are prepared for advanced threats and can recover quickly in the event of an attack. Remember, embracing a comprehensive, multi-layered approach to cybersecurity – and investing in both antivirus and backup is a key component of it -- makes businesses more resilient against cyberattacks.
As you continue to protect, detect and respond in 2020, remember that Carbonite and Webroot™ has joined forces to cater to your cybersecurity and data protection needs – and to make your business cyber-resilient.