Your SMB Is At Risk: 10 Cyber-security Trends to Watch Out For In 2018

Malicious exploits and ransomware demands are just a few of the many challenges facing businesses this year, but even though 62% of all attacks hit SMBs, most small to medium enterprises are still not adequately prepared.

Take a close look at the items on this list, and decide where your SMB should hone in on its security in 2018.

1. 600 SMB respondents in the most recent Ponemon survey reported that severe, targeted and sophisticated phishing, social engineering, and web-based attacks on their SMBs increased in 2017 from 55% to 61%. Given the unprecedented growth in cyber-criminality, those risks will skyrocket in 2018.

2. Ransomware threats and attacks are, undeniably on the rise.  Small and mid-sized businesses are hit by 62% of all cyber-attacks or about 4,000 per day, according to IBM. 79% of respondents reported that successful phishing and social engineering attacks were the primary cause of breaches.

3. In the past 12 months, 50% more SMBs had data breaches. Attackers focus on SMBs because they have comprehensive client data and unprotected systems. Only 14% of small businesses consider they can manage or prevent attacks effectively.

4. Employee negligence resulting in breaches, increased by 48% over the previous year but again this year, one-third of the SMBs could not determine what allowed attackers access to system data.

5. Insecure mobile and IoT devices are a massive cause for concern among 67% of the respondents in the SMB study and are considered to be the most vulnerable endpoint. Any unsecured connected devices brought into a network can be easily accessed. 23% of SMBs reported a data breach or security incident related to IoT devices, according to the Ponemon report.

Moreover, Symantec states “The number of attempted attacks against IoT devices doubled during 2016.”

At some points, the average IoT device was attacked once every two minutes! The most significant weakness? A default password.  Only 29% of respondents say they have confidence in their ability to contain or minimize the risk of insecure IoT.

6. 66% – 81% of SMB respondents report that, increasingly, exploits and malware evade their intrusion detection systems and antivirus solutions.

7. Although strong passwords and biometrics (facial recognition and fingerprinting) continue to be essential to security defense, 59% of employers still (no improvement over last year) have no insight into how their employees choose and share passwords.

8. There is some improvement (9% over last year) among SMBs requiring employees to use passwords or biometrics to secure their mobile devices, but 43% – 68% of survey respondents still do not strictly enforce their password policies.

9. A robust security posture requires sufficient funding for technologies, managed security services, and trained IT personnel. Most SMBs use monitored or managed firewalls or intrusion prevention systems and intrusion detection systems and security gateways for messaging or Web traffic but in the evolving malware landscape prevention is key. While some SMBs are spending more on security budgets, many more are not.

10. Cyber attacks cost more this past year for both the damage to and or theft of IT assets (increased from $879,582 to $1,027,053) and disruption to business operations (increased from $955,429 to $1,207,965.)

One more thing to consider:

77% of compromised attacks in 2017 were fileless. The report estimates that fileless attacks are ten times more likely to succeed than file-based assaults because fileless malware leverages known, safe, applications already installed on a user’s computer. To learn more about fileless malware and to research solutions, go to this link.

If you need help to mitigate your SMBs risks, and to protect your data from rapidly evolving cyber threats, contact us at Netcetera, and we will arrange a free assessment of your data protection solutions.