New CyberCatch Research Discovers Alarming Increase in Cyber Vulnerabilities for Small and Medium Sized Businesses in US and Canada

For the first time, CyberCatch's SMBVR detected significant vulnerability to 'session riding' attacks among North American SMBs.

May 31, 2022



CyberCatch today announced the publication of its quarterly Small and Medium-Sized Businesses Vulnerabilities Report (SMBVR) for Q1 2022 to alert small and medium-sized businesses (SMBs) to an alarming rise in vulnerabilities detected in Internet-facing websites, servers and applications. Of greatest concern, CyberCatch's SMBVR has detected - for the first time in the report's history - substantial levels of vulnerability among both U.S. and Canadian SMBs to "session riding" attacks, an insidious tactic that forces authenticated users to unknowingly submit malicious requests that can have drastic consequences.
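"Session riding" is the older name for cross-site request forgery (CSRF): the victim's browser attaches the site's session cookie to a request that an attacker's page triggered, so the server sees an authenticated request the user never intended. The defence is to stop trusting the cookie alone. The following is an added example written for this page; it is not code from CyberCatch or from the SMBVR, and the site origin, function names and sample requests are constructed for illustration. It shows the two standard server-side checks on a state-changing request: an Origin/Referer comparison against the site's own origin, and a per-session token that a foreign page cannot read, plus a SameSite cookie attribute that blocks the classic forged-form case before either check runs.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Origin of the site being protected (assumed value for this example).
SITE_ORIGIN = "https://bank.example"


@dataclass
class Session:
    """Server-side session; the CSRF token is bound to it, not to the cookie alone."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


def session_cookie(session_id: str) -> str:
    """Set-Cookie value: SameSite=Lax keeps the cookie off cross-site POSTs,
    which blocks the classic forged-form variant even before token checks."""
    return f"sid={session_id}; Secure; HttpOnly; SameSite=Lax; Path=/"


def render_transfer_form(session: Session) -> str:
    """Embed the per-session token as a hidden field a third-party page cannot read."""
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{session.csrf_token}">'
        '<input name="to"><input name="amount"><button>Send</button></form>'
    )


def same_origin(url: str, expected: str) -> bool:
    """Compare scheme, host and port; a string-prefix check would accept look-alike hosts."""
    a, b = urlsplit(url), urlsplit(expected)
    return (a.scheme, a.hostname, a.port) == (b.scheme, b.hostname, b.port)


def check_csrf(session: Session, request: dict) -> tuple[bool, str]:
    """Decide whether a state-changing request was initiated by our own pages.

    request is a constructed dict: {"method": str, "headers": dict, "form": dict}.
    Returns (allowed, reason) so callers and logs can see why a request was refused.
    """
    if request["method"] in ("GET", "HEAD", "OPTIONS"):
        return True, "safe method"
    # First gate: the browser-set Origin (or Referer) header must be our own site.
    source = request["headers"].get("Origin") or request["headers"].get("Referer")
    if not source or not same_origin(source, SITE_ORIGIN):
        return False, "origin mismatch"
    # Second gate: the submitted token must match the one tied to this session.
    submitted = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(submitted, session.csrf_token):
        return False, "missing or invalid csrf token"
    return True, "ok"


def handle_transfer(session: Session, request: dict, balances: dict) -> str:
    """Apply the transfer only when check_csrf allows it; otherwise leave balances untouched."""
    allowed, reason = check_csrf(session, request)
    if not allowed:
        return f"rejected: {reason}"
    amount = int(request["form"]["amount"])
    recipient = request["form"]["to"]
    balances[session.user] -= amount
    balances[recipient] = balances.get(recipient, 0) + amount
    return "accepted"


# Constructed sample traffic. The session cookie rides along automatically in both
# cases, which is exactly why the server cannot rely on the cookie alone.
alice = Session(user="alice")

LEGIT_REQUEST = {
    "method": "POST",
    "headers": {"Origin": "https://bank.example"},
    "form": {"to": "bob", "amount": "25", "csrf_token": alice.csrf_token},
}

FORGED_REQUEST = {
    "method": "POST",
    "headers": {"Origin": "https://attacker.example"},
    "form": {"to": "mallory", "amount": "900"},
}


def demo() -> dict:
    """Run both requests against a fresh ledger and report what happened."""
    balances = {"alice": 1000, "bob": 0}
    return {
        "legit": handle_transfer(alice, LEGIT_REQUEST, balances),
        "forged": handle_transfer(alice, FORGED_REQUEST, balances),
        "balances": balances,
    }


if __name__ == "__main__":
    print(demo())
```

The reason string returned by check_csrf is worth logging: a steady stream of "origin mismatch" rejections on one endpoint is a cheap detection signal that someone is testing whether the site is susceptible.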


The SMBVR is a quarterly research study focused on SMBs in North America to detect vulnerabilities that a cyber attacker can identify and exploit to break into a business, steal data and/or infect its systems with ransomware. The Q1 2022 SMBVR comprised scans of a random sample of 12,050 SMBs (10,878 in the U.S. and 1,172 in Canada) in ten high-value target segments. Key findings of the Q1 2022 study include:

-- 82% of U.S. and 78% of Canadian SMBs have spoofing vulnerabilities that attackers can easily exploit.

-- CyberCatch's report detected significant levels of session riding vulnerability among SMBs, with 50% of such businesses in the U.S. demonstrating this vulnerability and 49% in Canada. This is the first time this vulnerability has reached such critical levels in the research report.

-- Spoofing, clickjacking, session riding and sniffing are the four key vulnerabilities that SMBs are susceptible to in the U.S. and Canada.

-- Spoofing, clickjacking and sniffing vulnerability levels more than doubled in the U.S. when compared to Q4 2021.

-- Defense contractors, manufacturers, managed service providers (MSPs), technology companies, colleges and universities, legal and accounting firms and medical practices have significantly higher rates of vulnerabilities both in the U.S. and Canada.

"The Q1 2022 SMBVR should be a wake-up call for all types of SMBs. The high levels of vulnerabilities detected - across all ten segments both in the U.S. and Canada - are very concerning. It indicates that large numbers of SMBs have security holes that can be easily exploited remotely to steal data and install ransomware. This is an existential threat to SMBs - and to the overall economies of the U.S. and Canada," said Sai Huda, founder, chairman and CEO, CyberCatch. Mr. Huda is a globally recognized risk and cybersecurity expert and author of the best-selling book, "Next Level Cybersecurity."

"Given its size, limited knowledge about cybersecurity and resources, an SMB may never be able to recover from a cyberattack. Foreign adversaries and criminal gangs view SMBs as the weakest link in the chain and are increasingly targeting SMBs for the initial payout but also to get to the eventual larger target who the SMB may be a supplier to (upstream risk), or to the SMB's customers (downstream risk) and in the process, they don't care a bit about any collateral damage caused or if the SMB survives or not," continued Mr. Huda.

"In fact, two Joint Advisories issued in May 2022 from International Cyber Authorities confirm the risk identified by CyberCatch. The May 11 Joint Advisory from the U.S. CISA, NSA, FBI and International Cyber Authorities (Canada, UK, Australia and New Zealand) warns of expected increased attacks targeting MSPs focusing on their customers (downstream risk). The majority of MSPs are themselves SMBs and CyberCatch's SMBVR identified MSPs as one of ten segments with significant vulnerabilities that could be exploited. The May 17 Joint Advisory from U.S. CISA, NSA, FBI and International Cyber Authorities (Canada, UK, New Zealand and Netherlands) warns of missing or ineffective cybersecurity controls that are commonly exploited by attackers, which includes failing to scan for vulnerabilities and failing to perform ongoing testing of controls, so SMBs need to take enhanced risk mitigation action as recommended in the Joint Advisories and in the SMBVR," said Mr. Huda.

To download a copy of the SMBVR, please visit CyberCatch's website.

About CyberCatch

CyberCatch is a cybersecurity Software-as-a-Service (SaaS) company that protects small and medium-sized businesses (SMBs) from cyberattacks by focusing on the root cause of why SMBs fall victim: security holes. It provides a cloud-based SaaS platform coupled with deep subject matter expertise to help SMBs implement just the right type and amount of cybersecurity controls. The platform then performs automated testing of controls from three dimensions: outside-in, inside-out and social engineering. It generates the Cyber Breach Score to continuously measure cyber risk, finds security holes and guides the SMB to fix them promptly, so attackers can't exploit any missing or broken controls to break in, steal data or infect systems with ransomware. CyberCatch's continuous value proposition: Test. Fix. Secure.

Learn more at:
