With a majority of SMBs experiencing an increase in attack frequency and sophistication in 2018, cybersecurity efforts need to be a primary emphasis for IT teams in the SMB.
SMB cybersecurity is constantly being characterized as being underprepared, citing a lack of funding, expertise, and executive support. New data from endpoint protection vendor Barkly points to the SMB being a bigger target for cybercriminals.
In a recent survey of 100 IT pros in the SMB, Barkly uncovered the following:
- 57% of SMBs reported an increase in attack volume over the past 12 months
- Two-thirds reported an increase in attack sophistication
- Only 36% of SMBs expect their security budget to increase in 2019
This is certainly disturbing. SMBs that fall into my previous characterization are ripe to become a victim of a cyberattack. Barkly also provided the top five most frequent attack types on the SMB:
- Attacks abusing Microsoft Office programs
- Attacks installing cryptominers
- Ransomware attacks
- Attacks abusing other legitimate Windows applications (e.g., PowerShell)
- Attacks utilizing worming/lateral movement components
This specific attack data gives SMBs real insight into where they need to place their security focus. By working backwards from these kinds of attack vectors, it’s clear to see that in all these cases, the need for an attacker to compromise a user and their endpoint is necessary.
That means these attacks likely begin with phishing scams or drive-by downloads from compromised websites.
So, how can the SMB beef up security without breaking the bank?
SMBs need to look for cost-effective ways to significantly augment security. Security Awareness Training provides a 37% reduction in malware infections, and is a cost-effective means to elevate your organizations security.
Cyber-attacks are rapidly getting more sophisticated. GDR Group will help train your employees to better manage the urgent IT security problems of social engineering, spear-phishing and ransomware attacks. Take the first step now and email firstname.lastname@example.org to request a quote for Security Awareness Training and Phishing Testing for your organization.