New analysis of incident data shows threat actors are evolving their attack techniques to take advantage of budget and resource-strapped small businesses.
We’ve seen industry data showing that cybercriminals have been slowly creeping downward from solely going after enterprises to targeting the SMB.
Today, the cyber crime economy is so vast that there are a growing number of services and threat groups that would rather go after a smaller reward in exchange for not garnering attention from federal/international law enforcement agencies.
According to the 2024 Sophos Threat Report, new ways threat actors are approaching attacks on the small business to improve their success rates include:
- Using web-based malware distribution: a mix of malvertising or SEO poisoning designed to fool potential victims into downloading malware.
- Leveraging unprotected systems: small businesses have less budget, with the result being the running of OSes and applications that have fallen out of support (read: unpatched and secure). Threat actors are looking for these kinds of opportunities.
- Ditching the single-email phish: rather than sending out a simple phishing email to accomplish the malicious goal, threat actors are using a string of emails and responses to make their phishing activity more convincing.
- Use of low-vigilance platforms: when you receive texts and use social media, the default thought isn’t “maybe this is a cyber attack.” Attackers are abusing third-party services and social media platforms known to users to avoid raising any red flags.
What’s evident by the Sophos report is that threat actors are paying attention to how their target victims act, think and respond — changing their tactics to improve the chances of a successful attack.
Even small businesses need to have the entire organization enrolled in new-school security awareness training so that these highly-targeted businesses are better prepared for the evolving scams aimed specifically at their businesses.
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
