October 25, 2017

Last Updated on January 15, 2024

In a previous blog post, I tried to raise awareness of the fact that, although small businesses were not usually cyber attack “targets” per se, information security is still critical for them because such a high percentage of cybercrime attacks are “opportunistic” (non-targeted). The reality is, every organization is a target regardless of size. 
But SMB cyber attacks are now on the rise… 

Small Business Vulnerabilities are Attracting More Cyber Attacks

A recent Fox Business article highlights a study from security solutions provider Datto showing that ransomware has changed this situation: small businesses are now being specifically targeted over large businesses. That is logical, as most small businesses don’t invest enough in the following four key controls necessary to mitigate ransomware risk.

Information Security Practices Missing in Many Small Businesses:

  1. Data backups 
  2. Security awareness training 
  3. Patch and configuration management 
  4. Incident response planning 

I offer a more thorough discussion of those four points in this post.
According to Datto’s ransomware survey of over 1,700 managed service providers (MSPs), their SMB clients are being hacked in droves—and it’s likely to continue. Approximately 5% of SMBs worldwide were hacked in the past year, Datto says.  
For many of the victims, downtime and data loss cost far more than the ransom demanded. 75% of MSPs said they had clients that “experienced business-threatening downtime” due to ransomware. Yet only 38% of SMBs polled said they were “highly concerned” about ransomware risk.  
This may stem from a lack of cybersecurity awareness education within SMBs, which this and other studies identify as the leading cause of ransomware infection. The study also calls out the criticality of reliable backups, which are seen as “the most effective means for business protection from ransomware…”
For more information on how SMBs can build and maintain simple, cost-conscious, and effective security solutions to protect their business, reach out!
