Why Hackers Target SMBs

Hackers target SMBs because it’s easy money--the smaller the business is, the less likely it is to have adequate cyber defenses.

4 Min Read
Hackers target
Getty Images

There’s a pretty common misconception among small and midsize businesses (SMBs) that hackers target only large organizations. Unfortunately, this belief couldn’t be further from the truth. In fact, according to the most recent Verizon Data Breach Investigations Report, more than 70% of cyberattacks target small businesses. Additionally, many attacks are now shifting to target managed service providers (MSPs), specifically because breaching an MSP can give hackers access to its entire SMB customer base.

Why Are Hackers Targeting SMBs?

Simply put, hackers target SMBs because it’s easy money. First, the smaller the business is, the less likely it is to have adequate cyber defenses. Moreover, even larger SMBs typically don’t have the budgets or resources for dedicated security teams or state-of-the-art intrusion prevention. On top of that, smaller businesses often lack measures like strong security policies and cybersecurity education programs for end users, so common vulnerabilities like poorly trained users, weak passwords, lax email security and out-of-date applications make SMBs prime targets.

What’s more, some hackers specialize in breaching specific business types or industries, refining their expertise with each new attack.

Which Business Types Are in the Crosshairs?

Realistically speaking, the majority of businesses face similar amounts of risk. However, hackers target some industries more often, such as finance or healthcare. Here are some of the business types that are currently topping hacking hit lists.

  • Managed service providers: MSPs hold a lot of valuable data for multiple customers across industries, which makes them desirable targets. Hackers use a technique known as “island hopping,” in which they jump from one business to another via stolen login credentials. MSPs and their SMB customers are both potential targets of these attacks.

  • Healthcare organizations: Hospitals, physical therapy offices, pediatricians, chiropractors and other healthcare practices are easy targets for cybercrime because they can have such chaotic day-to-day operations and because they often lack solid security practices. In addition, medical data and research can extremely valuable. Patient records alone can sell for up to $1,000or more on the dark web.

  • Government agencies: There are many reasons that cybercriminals, particularly nation-state terrorists, might target local and national governments. In particular, small governments and local agencies generate troves of sensitive information, while large governments can be victims of nationwide disruption, either for financial gain or sheer destruction.

  • Financial institutions: You probably aren’t surprised by this list item. Banks, credit unions and other financial institutions have long been targets for hackers due to a wealth of data and money. In 2018, over 25%of all malware attacks targeted banks––that’s more than any other industry. More recently, automation has further enabled cybercriminals to run advanced attacks on financial institutions at scale.

  • Celebrities, politicians and high-profile brands: Hacktivists–who are usually politically, economically or socially motivated, like to seek out politicians, celebrities and other prominent organizations as targets. They may even attempt to embarrass public figures or businesses by stealing and disseminating sensitive, proprietary or classified data to cause public disruption, or for private financial gain via blackmail.

 What Are Your Next Steps?

The only real requirement for becoming a hacking target is having something that hackers want, which means all businesses are at risk. Luckily, a few relatively straightforward tips can go a long way in keeping your business secure.

Think like a hacker.

Cybersecurity awareness training with phishing simulations is a vital component of an effective protection strategy. In fact, Webroot’s own research found that regular training over just four to six months reduced clicks on phishing links by 65%. Understanding hacker practices and motivations can help you predict potential threats and thwart attacks.

Lock down your business first.

The right security layers can protect you from threats on all sides. If you haven’t already, check out our free Lockdown Lessons, which include a variety of guides, podcasts and webinars designed to help MSPs and businesses stay safe from cybercrime.

Embrace comprehensive cyber resilience.

Being resilient in the face of cybercrime doesn’t just mean having powerful, automated endpoint threat detection in place. It also means having security layers that can protect your business and clients front and back. That includes layers like security awareness training, as well as network protection and strong backup and disaster recovery services. The best defense is prevention, and by preventing attacks and planning your recovery proactively, you’ll be ready to bounce back right away at the first sign of trouble.

Hackers have diverse means and motives, so it’s up to you to know their methods and prepare your business and customers to block advanced threats.

To get started on the road to cyber resilience, you can learn more about Webroot Business Endpoint Protection or take a free trial here.

Grayson Milbourne is the Security Intelligence Director at Webroot, where he has worked for the past 14 years. In his current role, Grayson works to support the Product Management team to ensure Webroot products are effective against today’s most advanced threats.

Grayson-Milbourne--150x150.png

 

 

 

 

 

 This guest blog is part of a Channel Futures sponsorship.

 

Read more about:

MSPs
Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like