Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:30 AM
Marc Wilczek
Marc Wilczek
Connect Directly
E-Mail vvv

Under Attack: Over Half of SMBs Breached Last Year

Many small and midsize businesses work faster and harder than large enterprises, but they're just as vulnerable to cybercrime.

Today, every company, large or small, that does business online is prey for cybercriminals. Unfortunately, the smaller ones (with fewer than 250 employees) and midmarket firms (250 to 499 employees) are often the first to be hit. Moreover, they can serve as springboards for larger hacking campaigns. The bad guys see small/midmarket businesses as low-hanging fruit because they typically have only basic security precautions in place and lack the sort of in-house staff equipped to deal with serious IT threats.

According to Cisco's "Small and Mighty" Cybersecurity Special Report — drawing on data gathered from 1,816 respondents across 26 countries — more than half (53%) of midmarket companies suffered a security breach in 2018.

As outlined in the survey's report, respondents worry most about targeted attacks against employees (think phishing), advanced persistent threats (such as new types of malware), and distributed denial-of-service attacks (which flood a company's servers with so much traffic that they crash).

Cloud Adoption Requires Cloud-Based Defense Strategies
Because they are such attractive targets — and especially since they usually lack knowledgeable IT staff or dedicated network security personnel — smaller businesses need to be extra vigilant and find creative ways to detect and mitigate online skullduggery, and perhaps even more so than their larger counterparts.

In response to these security challenges, many companies are choosing to take advantage of cloud-based security solutions that cost less than the human alternatives. The use of cloud services among smaller businesses is increasing every year. According to Cisco, 55% of these businesses said in 2014 that some of their networks were hosted in the cloud; in 2017, that rose to 70%.

Clearly, rather than doing it themselves, smaller businesses are turning to hired IT guns to provide corporate cybersecurity. According to the survey, 57% use outside advice and consulting; 54% outsource incident response; and 51% employ external firms to monitor security. Not a bad idea in light of the global shortage of cybersecurity talent.

40% of Respondents Taken Offline for More Than Eight Hours
Most of today's small/midmarket businesses understand that the more complex their product and vendor environment is, the greater their responsibilities. For example, 77% of midmarket businesses say they had trouble setting up alerts. Consequently, a mere 54% of these alerts are looked into, leaving 46% beneath the surface, ready to do damage. Not every unattended alert will be damaging, but the ones that are can be catastrophic.

Cisco's Benchmark Study found that in 2018, 40% of respondents at smaller companies (250 to 499 employees) had eight hours or more of downtime attributable to a major security breach. The research suggests the same occurred in the bigger organizations in the study (500 or more employees). The key difference is that larger firms tend to be better off than their smaller counterparts after an attack because they have more resources to devote to response and recovery. Also, 39% of respondents experienced a severe breach in at least half of their systems. Smaller-scale companies are less likely to have many different locations or business departments, and their critical systems are usually more interconnected.

Recovering from a Cyberattack Can Be Difficult and Costly
Twenty-nine percent of midmarket companies say breaches cost them less than $100,000. A further 20% estimate that breaches cost between $1 million and just under $2.5 million, a number that would probably put an unprepared small/midmarket firm out of business for good.

The Better Business Bureau (BBB) did a recent study to show how much smaller businesses can struggle after a major cyberattack. The BBB asked North American small business owners "How long could your business remain profitable if you permanently lost access to essential data?" A mere one-third (35%) replied that they could stay profitable for more than three months. Over half of them said their financial well would run dry in less than a month.

Security Has Reached the Boardroom
The upside is that cybersecurity is now a common topic of boardroom discussion. Ninety-two percent of midmarket businesses now have a senior person in charge of security in one way or another, as noted in Cisco's report. A respectable 42% of them have installed a CISO, and another 24% have hired a chief security officer.

Another positive note is that a solid majority (91%) of midmarket firms test their incident response plans at least once a year by running drills. However, one wonders whether incident response plans are enough of a defense to ward off attackers, who seem to be getting smarter and using more sophisticated technology every day.

To keep pace with the bad guys, small/midmarket businesses must continue to improve their cybersecurity and acknowledge that even smaller changes are better than no changes at all. The online threat landscape is wide-ranging and always changing, and the targets of attack are increasing in number. In response, security technologies and strategies have to evolve the same way.

Related Content:



Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
User Rank: Ninja
3/26/2019 | 10:51:41 AM
Cryptolocker and restore in hours
Small business can be very small indeed.  Before moving to Georgia in 2014, I had my own managed services business - just me and another consultant.  One of my clients was a lovely 501C3 museum I had been associated with like forever and they got Cryptolocker at 1:20 am on the executive director's machine.  Bounced to the server and everything went up into the air.  Everything.  When they called in panic, I picked up my dedicated Dell system to their server as off-site backup.  Not a drive but a whole computer.  Car, drove it down and as it had same name as server, everybody had data access fast.  Now the server could then be rebuilt fast and in 3 hours I had all data restored and server running fine.  Only lost desktop on Executive director station and I did not know he used a part of the.  98% restore.  Now that is a small one, very small, but illustrative of point of this article.  SMALL firms are vulnerable unless they have good staff or good consultant staff.  ( I should have charged more for my restore - well, lesson learned). 
User Rank: Moderator
4/8/2019 | 2:42:20 AM
Due diligence
While the companies are all required to have their own form of protection up, I sure hope that the cloud data storage companies are going to play their part and do what they can to protect all of their customers from being hacked too. I don't think that anybody would be so specifically targeted as opposed to trying to hit on the whole mainframe of the cloud network..
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-20
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This c...
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.