Why Hackers Target SMBs
There’s a pretty common misconception among small and midsize businesses (SMBs) that hackers target only large organizations. Unfortunately, this belief couldn’t be further from the truth. In fact, according to the most recent Verizon Data Breach Investigations Report, more than 70% of cyberattacks target small businesses. Additionally, many attacks are now shifting to target managed service providers (MSPs), specifically because breaching an MSP can give hackers access to its entire SMB customer base.
Why Are Hackers Targeting SMBs?
Simply put, hackers target SMBs because it’s easy money. First, the smaller the business is, the less likely it is to have adequate cyber defenses. Moreover, even larger SMBs typically don’t have the budgets or resources for dedicated security teams or state-of-the-art intrusion prevention. On top of that, smaller businesses often lack measures like strong security policies and cybersecurity education programs for end users, so common vulnerabilities like poorly trained users, weak passwords, lax email security and out-of-date applications make SMBs prime targets.
What’s more, some hackers specialize in breaching specific business types or industries, refining their expertise with each new attack.
Which Business Types Are in the Crosshairs?
Realistically speaking, the majority of businesses face similar amounts of risk. However, hackers target some industries more often, such as finance or healthcare. Here are some of the business types that are currently topping hacking hit lists.
- Managed service providers: MSPs hold a lot of valuable data for multiple customers across industries, which makes them desirable targets. Hackers use a technique known as “island hopping,” in which they jump from one business to another via stolen login credentials. MSPs and their SMB customers are both potential targets of these attacks.
- Healthcare organizations: Hospitals, physical therapy offices, pediatricians, chiropractors and other healthcare practices are easy targets for cybercrime because they can have such chaotic day-to-day operations and because they often lack solid security practices. In addition, medical data and research can be extremely valuable. Patient records alone can sell for up to $1,000 or more on the dark web.
- Government agencies: There are many reasons that cybercriminals, particularly nation-state terrorists, might target local and national governments. In particular, small governments and local agencies generate troves of sensitive information, while large governments can be victims of nationwide disruption, either for financial gain or sheer destruction.
- Financial institutions: You probably aren’t surprised by this list item. Banks, credit unions and other financial institutions have long been targets for hackers due to a wealth of data and money. In 2018, over 25% of all malware attacks targeted banks, which is more than any other industry. More recently, automation has further enabled cybercriminals to run advanced attacks on financial institutions at scale.
- Celebrities, politicians and high-profile brands: Hacktivists, who are usually politically, economically or socially motivated, like to seek out politicians, celebrities and other prominent organizations as targets. They may even attempt to embarrass public figures or businesses by stealing and disseminating sensitive, proprietary or classified data to cause public disruption, or for private financial gain via blackmail.
What Are Your Next Steps?
The only real requirement for becoming a hacking target is having something that hackers want, which means all businesses are at risk. Luckily, a few relatively straightforward tips can go a long way in keeping your business secure.
Think like a hacker.
Cybersecurity awareness training with phishing simulations is