KnowBe4 Security Awareness Training Blog

Over Half of SMBs Experience Phishing and Social Engineering Attacks

Written by Stu Sjouwerman | Dec 2, 2019 12:00:00 PM

The assertion that SMBs aren’t a cyber-target is officially dead. SMBs are victims of the very same attacks as enterprises in growing numbers, according to new research.

Most SMBs don’t have the same cybersecurity resources as larger organizations, so it’s critical for them to focus on protecting against the most prevalent types of attacks SMBs face.

According to the latest data from Ponemon in their 2019 Global State of Cybersecurity in Small and Medium Businesses report, SMBs are feeling the heat of cyberthreats:

  • 66% experienced a cyberattack in the last 12 months
  • 63% experienced a data breach in the last 12 months
  • 69% say cyberattacks are becoming more targeted
  • 60% say cyberattacks are becoming more sophisticated
  • 61% say cyberattacks experienced are becoming more severe in terms of negative consequences
  • 39% say more time is needed to respond to cyber incidents

So, what are the big attack vectors SMBs are experiencing? According to the research:

  • Social Engineering / Phishing plague 53% of SMBs
  • Web-based attacks (50%)
  • Malware (39%)
  • Compromised or Stolen Devices (37%)
  • Credential Theft (29%)

The big issue here is the use of social engineering. Whether as part of a phishing or a web-based attack, social engineering tactics help to draw the victim in, create a sense of urgency, and do enough to cause the victim to act in the desired way. Users have not been educated through Security Awareness Training to be vigilant and to look for indications that an email may be malicious in nature. And in SMBs especially, the lack of a security culture and of proper security tools is cause enough to focus on the aspects of security that will have a material impact on keeping the organization secure.