Fri. Jul 10th, 2020

2019 Cyber Statistics Every Small Business Needs to Know

As cyber-attacks continue to increase, organizations cannot afford to have the “it will never happen to me” mentality. And, while data has continuously shown that cyber attacks can happen to any organization, regardless of its size, small businesses, in particular, need to be wary.


In fact, Verizon’s 2019 Data Breach Investigation’s Report found that small businesses account for 58% of data breaches.


And, if you think that statistic is frightening, then these highlights that we’ve gathered from several recent industry reports will make you hold on to your seat.


In the past 12 months, two-thirds of SMB’s have suffered a cyber attack


If you haven’t suffered a cyber attack in the last year, then you should count yourself lucky because data from Keeper Security and Ponemon Institute shows that you’re in the minority.


Email is still the number one point of entry for malware


According to Verizon’s 2019 Data Breach Investigation Report, small businesses are continuously being compromised via email.


Why? Because email allows hackers to gain a direct foothold into your network. Once the malware is downloaded hackers can bypass detection. And, cybercriminals have upgraded their techniques, so often the simplest messages and disguises are the most effective.


According to the 2019 Symantec Internet Security Threat Report (ISTR), the most common malicious email disguises are:

  1. Bill / invoice (15.7%)
  2. Email delivery failure notice (13.3%)
  3. Package delivery (2.4%)
  4. Legal/law enforcement message (1.1%)
  5. Scanned document (0.3%)


Currently, one of the most successful email infection strategies is employed in Emotet and Ursnif campaigns. Once an organization has been infected with one of these trojans, one of the ways they spread is by hijacking victim email accounts and using them to send malicious attachments (often Word docs disguised as invoices) to the victim’s contacts. In some cases, malicious emails are even sent as replies to existing email chains, raising the odds of them getting past filters and tricking unsuspecting recipients who recognize the “sender” as someone they know and trust.


Emotet, in particular, has successfully utilized this and similar tactics on its way to becoming one of today’s most dangerous and prolific threats.


4 out of 5 SMBs report malware has evaded their antivirus


Since most small businesses do not have the resources for an IT team, they often rely on anti-virus for protection. Unfortunately, reports show that 82% of  SMBs have experienced attacks where malware was able to get by their anti-virus.


Therefore, when choosing protection, it’s important to incorporate endpoint defense. While end-point security and anti-virus have similarities, endpoint security solutions cover your entire network and protect against different types of security attacks.


How SMBs can protect themselves in 2019

While statistics can paint a discouraging picture of the state of cybersecurity, it’s important to remember that the greatest form of cyber protection relies on organizations taking a human-centric approach to cybersecurity. Cybercriminals target people, not software, so it’s not enough to simply rely on software for protection.


So keep in mind that preventative measures — training employees, tw0-factor authentication, strong passwords, and more — will take you further and be cheaper and less time-consuming than dealing with the aftermath of a cyber attack.