Cybercrime is a major problem, of that there is no doubt. However, SMBs are particularly vulnerable to attacks from cybercriminals and one of the main reasons is that they offer relatively easy pickings. SMBs can often be the weakest link when it comes to defending themselves against the likes of phishing, malware, ransomware, Denial-of-Service and spoofing attacks.
While mainstream news outlets are always quick to jump on big companies when they suffer breaches of security, there are countless SMBs that suffer similar fates on a daily basis and such events often get passed by. Big companies might have to deal with the high-profile fallout from cybersecurity incidents, but SMBs are faced with the same consequences of an attack instigated by cyber criminals.
Smaller is better
Cybercriminals like to target SMBs for a number of reasons. Often it is the small and medium-sized companies that don’t pay quite as much attention to dealing with cybersecurity as perhaps they should. Lots of SMBs don’t invest the same sums of money into their cybersecurity systems as the major players and IT departments are often less capable too.
There has also been a tendency by some SMB owners to have a rather lackadaisical attitude towards cybercrime. Often, there’s not enough budget allocated to the prevention of cybercrime. Dealing with the issue can also be pushed to the back of the priorities queue, even though it should actually be placed firmly at the front of the high-priority to-do list.
Areas of weakness
This obviously leaves SMBs with a potentially big issue to deal with and, with prevention being better than cure, it can often come back to bite SMBs who don’t put adequate safeguards in place. If SMBs leave themselves exposed it can easily lead to ransomware attacks, which can prove costlier in the long run than taking adequate preventative measures in the first place.
A ransomware attack can be an SMB’s worst nightmare. Companies can be targeted and data stolen; if an SMB hasn’t also invested in sufficient data back-up systems, the company may have to pay a ransom fee for the retrieval of its data, or refuse to pay up and deal with the potentially disastrous outcome of losing valuable information.
Knock-on effects
It's easy to see that SMBs who fail to invest in adequate cybersecurity prevention measures can leave themselves wide open to attacks. Without backing up files, small and medium-sized companies can often be faced with no choice other than to pay a ransom demand. The other issue with this sort of frequent incident is that cybercriminals can often collate stolen data and add it to their growing stockpile of data.
Stolen data frequently includes the personal data of clients and customers, which as cybercriminals add it to their existing collection can often mean they soon have huge swathes of information that can become even more valuable in subsequent cyber attacks and ransomware attempts. What’s more, accessing SMB systems can frequently allow cybercriminals to take closer steps towards infiltrating larger businesses the SMBs deal with. Sometimes it can simply be a matter of joining up the dots.
Exploiting weaknesses
Considering cybercrime has received so much exposure, it is surprising to see just how many SMBs still don’t take the threat of attack as seriously as they should do. However, this suits the cybercriminal agenda just fine and they are frequently one step ahead of businesses where they have already spotted potential weaknesses in the company’s security strategy.
A recent report by security experts Kaspersky highlighted several areas where cybercriminals are exploiting weaknesses in the SMB IT landscape. It found that while many SMBs are well-equipped when it comes to having all the right tools for remote and hybrid working, productivity and selling activity, SMBs are frequently leaving themselves bare when it comes to having proper cybersecurity measures in place.
Type of threat
Software is often one of the main areas where cybercriminals can exploit weaknesses in the security systems of SMBs. Kaspersky identified many everyday software programs that can present SMBs with headaches, many of which are ubiquitous in business around the globe. Spreadsheet software Microsoft Excel is one of the top software targets for cybercriminals, closely followed by the likes of Microsoft Outlook and Microsoft PowerPoint, along with Microsoft’s Word and Teams programs.
The security holes run wider and deeper though, with the likes of Skype for Business, ClickUp and Hootsuite all offering cybercriminals other potentially rich pickings for accessing company, employee and customer data. Trojan attacks are still the most common cyberthreat faced by SMBs, but they’re also facing a relentless barrage of phishing attempts, most commonly via email. Spoofing via social media is another threat that can often be missed by less diligent IT departments in smaller businesses.
Taking measures
Preventative measures by SMBs are the only way that the threat of cybercrime can be lessened. This requires business owners to adopt an end-to-end solution to dealing with the problem and also to instil a more diligent attitude towards security throughout the business. While purchasing the right cybersecurity software can help to fend off attacks from cybercriminals, it’s vital for workers to work alongside the likes of spam filters and email authentication protocols to help keep threats minimised.
SMBs need to produce a cyberprotection plan if they do not already have one in place and action the measures they need to take sooner rather than later. It’s vital to have a directive in place on how to deal with email accounts, shared folders and any other data that might be in the online environment. IT departments have to have the ability to police permissions effectively and ensure that any cloud or locally stored data is always backed up.
As reports in the media so often attest, leaving it too late can usually be a costlier exercise than having the right preventative measures set up in the first place.
Rob Clymo has been a tech journalist for more years than he can actually remember, having started out in the wacky world of print magazines before discovering the power of the internet. Since he's been all-digital he has run the Innovation channel during a few years at Microsoft as well as turning out regular news, reviews, features and other content for the likes of TechRadar, TechRadar Pro, Tom's Guide, Fit&Well, Gizmodo, Shortlist, Automotive Interiors World, Automotive Testing Technology International, Future of Transportation and Electric & Hybrid Vehicle Technology International. In the rare moments he's not working he's usually out and about on one of numerous e-bikes in his collection.