Over Half of SMBs Experience Phishing and Social Engineering Attacks

PonemonThe assertion that SMBs aren’t a cyber-target is officially dead. SMBs are victims of the very same attacks as enterprises in growing numbers, according to new research.

Most SMBs don’t have the same cybersecurity resources as larger organizations, so it’s critical for them to focus on protecting against the most prevalent types of attacks SMBs face.

According to the latest data from Ponemon in their 2019 Global State of Cybersecurity in Small and Medium Businesses report, SMBs are feeling the heat of cyberthreats:

  • 66% experienced a cyberattack in the last 12 months
  • 63% experienced a data breach in the last 12 months
  • 69% say cyberattacks are becoming more targeted
  • 60% say cyberattacks are becoming more sophisticated
  • 61% say cyberattacks experienced are becoming more severe in terms of negative consequences
  • 39% say more time is needed to respond to cyber incidents

So, what are the big attack vectors SMBs are experiencing? According to the research:

  • Social Engineering / Phishing plague 53% of SMBs
  • Web-based attacks (50%)
  • Malware (39%)
  • Compromised or Stolen Devices (37%)
  • Credential Theft (29%)

The big issue here is the use of social engineering; whether as part of a phishing or web-based attacks, the use of social engineering tactics help to draw the victim in, create a sense of urgency, and do enough to cause the victim user to act in the desired way. Users are not educated with Security Awareness Training to be vigilant, looking for indications that an email may be malicious in nature. And in SMBs especially, the lack of a security culture and proper security tools in place is cause enough to focus on aspects of security that will have a material impact on keeping the organization secure.

Request A Quote: Security Awareness Training

products-KB4SAT6-2-1New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your quote for KnowBe4's security awareness training and simulated phishing platform and find out how affordable this is!

Get A Quote Now

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:


Subscribe To Our Blog

Cybersecurity Awareness Month Resource Kit

Get the latest about social engineering

Subscribe to CyberheistNews