During 2023, we saw ransomware groups continue to shift their focus from large enterprises to small and medium-sized businesses (SMBs). New data attaches numbers to this trend and shows that businesses that employ up to 200 employees were the category most often attacked in the first half of 2023.
SMBs inherently face cybersecurity vulnerabilities that are non-factors for large corporations. SMBs have a smaller budget, resulting in fewer security resources than large businesses. Resource scarcity often results in missing security maintenance like password management, multi-factor authentication (MFA), patching, and updating systems and software.
The human element is a more significant threat at the SMB level as well. With less system security, employees are more susceptible to attacks from ransomware groups. SMB employees don’t have the level of security awareness training corporations provide. Also, many SMBs still think they are too small to be attacked and don’t prioritize cybersecurity on the job. SMB employees face the double exposure of not receiving security training and being more open to attack through out-of-date systems. One can see how the vulnerabilities quickly multiply against SMBs.
The threat landscape is also expanding. An estimated 29 new ransomware groups emerged in 2023, along with ransomware-as-a-service (RaaS). RaaS allows individuals with no technological background to hire a ransomware group to attack a chosen target easily. Attacks are usually financially motivated, but some groups target SMBs for data like healthcare and financial institutions.
The shift to SMBs is two-fold. Smaller businesses usually have worse security, and SMBs are more likely to pay to recover their data. The payments are smaller, but criminals are learning that multiple businesses that are more likely to pay yield a greater result than corporations that may be able to recover from a backup.
The data continues to show a trend of ransomware groups moving to target small and medium-sized businesses. Many businesses in this position are turning to managed service providers (MSPs) like Skynet Innovations to stay up-to-date on cybersecurity practices so they don’t have to. Reach out today if you have questions about how your business could utilize a managed service provider.
Quanexus IT Support Services for Dayton and Cincinnati
Request your free network assessment today. There is no hassle, or obligation.
If you would like more information, contact us here or call 937.885.7272.
Follow us on Facebook, Twitter and LinkedIn and stay up to date on by subscribing to our email list.