Olivier Le Moal - stock.adobe.co

Reports underline SME exposure to cyber attacks

A couple of pieces of research have made it clear that small and medium firms are in the firing line

Security research is issued all the time but there have been a couple of reports this week that can be used by the channel to underline to customers, particularly SMEs, just how vulnerable they are to a rising tide of risk.

The bank holiday had barely finished before insurance giant Hiscox issued a report that warned that not only had cyber attacks reached a new intensity but more small and medium sized firms had been in the firing line.

The consequences have been an increase in cyber losses and more firms failing a 'cyber ready test'. But spending had increased by a quarter by firms anxious to protect data.

Those working in the technology, media and telecoms sector have been some of the major victims to supply chain incidents as criminals targets the weakest links. The majority of firms are now doing a review of the robustness of their relationships at least once a quarter.

"Where hackers formerly focused on larger companies, small and medium-sized firms now look equally vulnerable. The cyber threat has become the unavoidable cost of doing business today," said Gareth Wharton, Hiscox Cyber CEO.

That has been followed up by findings from Malwarebytes that underlined that businesses were the primary targets with detections worldwide increasing by 235% in the first quarter of this year.

Ransomware made an unwelcome return to plague many customers with trojan variations also climbing in the first three months. Echoing Hiscox the Malwarebytes Q1 Cybercrime Tactics and Techniques report found that SMEs were in thr firing line as criminals took advantage of the limited resources most of those businesses could throw at data protection.

Andy Baldin, vice president EMEA at Ivanti, said that it was no great surprise that businesses were being targeted because they owned valuable data.

"The expectation is that large organisations have the resources to implement strong security controls. Having the resources, and applying the right priorities for investment in security, unfortunately, are two different things. Project priorities tend to focus on supporting business strategies rather than preventing attacks," he said.

"A successful cyber-attack does a lot more damage, than a delayed business SAP implementation, for example. As a result, the cyber criminals are seeing greater potential for success – both in hacking business systems, as well as the rewards associated with this – so they are investing more of their time and efforts into this strategy. In order to mitigate against these threats, businesses must make sure they are implementing a back to basics and layered security strategy," he added.

Others in the industry have also seen the cyber criminals increasing the focus on commercial data with the number of business customers that are targeted rising.

“There’s been a definite shift in the cyber landscape in recent years; cybercriminals have changed their focus from consumers to businesses. Zero day attacks are on the rise and estimated to be a daily occurrence by 2021. This is largely down to digitisation within organisations and there’s more pressure on developers to deliver software faster - leaving systems vulnerable. This problem is exacerbated by hackers becoming more sophisticated, enabling them to bypass defences more easily," said Marie Clutterbuck, CMO of Tectrade.

Read more on Data Protection Services