You might assume that cybercriminals would focus their attentions on the biggest organisations – after all, those are the ones Y best able to afford huge ransoms. In fact, smaller targets can and do get attacked all the time.
“Regardless of the size of the business,” says Matt Cooke, strategist at cybersecurity specialist Proofpoint, “if they have a bank account, or sensitive information to steal, they are very much at risk.” Proofpoint has found that 72% of organisations with fewer than 500 employees have dealt with a material loss of sensitive information within the past 12 months (see http://proofpoint.com for more information).
Indeed, small and medium-sized businesses are prime targets for malicious actors. Recent research from cybersecurity specialist Trellix (http://trellix.com) reveals that companies with 51-200 employees are the most common victims of ransomware, representing a third of all attacks in Q1 2023. “Smaller, less prominent organisations often lack the resources to implement robust security measures,” explains Trellix VP Fabien Rech, “either from a financial or skill-based standpoint.” To protect your company and data, therefore, it’s vital to be aware of the threats that you’re most likely to encounter, and to direct your (likely limited) resources accordingly, so as to minimise exposure to these security risks.
Phishing for cash
One important thing to understand is that your small business will mostly face the same range of threats as larger ones. This is because,