New data shows small and medium enterprises are increasingly targeted by criminals.
The most eye-catching cybercrimes are launched against big companies, institutions and states – with dramatic consequences if they succeed. But we need to be aware of the risk to small and medium enterprises (SMEs), who are sitting ducks for many attacks, warns a new report.
Atlas VPN analysed the range of attacks launched last year against SMEs to see what scale and scope they encountered as they went about their daily business. What they discovered was a shocking indictment of the state of cybersecurity for smaller businesses across Europe.
The company analysed responses to the European Union Agency for Cybersecurity (ENISA) survey, which polls nearly 250 mid-sized organisations across Europe about the risks and issues they’ve faced in the last year. The survey was conducted between July and September 2020.
Phishing and web-based attacks highest
As might be expected from businesses who have rapidly retooled their working practices to encompass the work from home revolution pressurised by the pandemic, SMEs across Europe were more likely to report they were the victim of attacks that targeted and leveraged social engineering more than others.
Phishing was seen as the most common form of attack launched against small businesses last year.
A staggering 41% of firms saying they had fallen victim to some kind of attack involving phishing for data. Next worst in terms of the frequency of attacks launched against mid-sized businesses was web-based attacks – with four in 10 businesses saying they had encountered an issue with something like that over the course of 2020.
The third worst type of attack businesses encountered in the last 12 months was general malware, which blighted businesses that aren’t the biggest. “Many small companies underrate the possibility of an attack happening to them due to their size,” says William Sword of Atlas VPN. “However, that is precisely what hackers search for, as they can get quick money with a ransomware threat from lesser secured SMEs.”
Underlying issues to blame
One in five businesses of a middle size said that a malicious insider was the source of some of their attacks, while one in eight European businesses claimed they had fallen foul of a denial of service attack. Social engineering was the next worst type of attack launched against small and medium-sized firms, while compromised and stolen devices were reported by seven percent of businesses.
The reason for the rise in attacks – and the type being launched – seems obvious.
The way we work has entirely changed due to the altered circumstances in which we find ourselves thanks to the coronavirus, and as a result, attacks that might previously have failed are finding leverage within businesses getting used to a new way of working.
“The pandemic caught SMEs unprepared, as they have fallen victims to quite simple and non-sophisticated cyberattacks,” says Sword. “This is a signal for European SMEs to tackle this issue more seriously and work on educational programs for their employees.”
It’s for this reason that Atlas VPN recommends businesses take some small actions in order to try and better secure their IT. “Establish basic security practices for employees,” says Sword.
"A set of rules describing how to handle sensitive data and use the internet securely would lower the risk of employee mistakes causing a data leak or a cyberattack.”
Likewise, keep all software up to date with patches to prevent any vulnerabilities being able to be exploited, and in the unlucky event that you still end up on the wrong side of a hack, have a backup of your data in the cloud.
“A backup can help to save data in case of a data breach or a ransomware attack,” advises Sword. “It would cost much more to recover your data once it is lost rather than keeping it in the cloud.”