Alert Logic: SMB Cybersecurity Weakness Prompts More Attacks
Small and midsize businesses (SMBs) face a steady increase in cyberattacks and changes in attack methods targeting their shortcomings in encryption, workload configuration, limited visibility into vulnerabilities, and outdated and unsupported operating systems.
That’s according to Alert Logic’s SMB Threatscape 2019 report. The company’s threat intelligence team analyzed more than 1.3 petabytes of data, 10.2 trillion log messages, 2.8 billion intrusion detection events and 8.2 million verified security incidents across Alert Logic’s customer base of more than 4,000 organizations of all sizes, from SMBs to large enterprises.
Rohit Dhamankar, Alert Logic’s vice president of threat intelligence products, tells us attacks against SMBs are numerous and growing, and the lack of security experience and resources among SMBs results in the success of an increasing number of those attacks.
A large number of SMBs are running vastly outdated systems, which has implications for the way MSSPs need to configure their security monitoring technologies and develop and monitor analytics to catch compromises on a wide range of systems, he said.
“The report also provides opportunities for revenue beyond security monitoring for MSSPs,” Dhamankar said. “There is an opportunity to create additional advisory services at the correct price point that solve each of the challenges laid out; for example, an additional service that fortifies the AWS environment for MSSP, or another service that evaluates the infrastructure and provides guidance on upgrades based on the SMB applications.”
The research discovered 66% of SMB devices run Microsoft OS versions that have expired or will expire by January, most of which are more than 10 years old.
Some 42% of SMB security issues are related to encryption. While automated patching has helped to reduce the frequency of vulnerabilities, configurations remain a major issue. The report found that just 13 encryption-related configuration issues accounted for 42% of all security issues found.
Seventy-five percent of unpatched vulnerabilities are more than one year old. Even though automated updates have improved software patching, businesses still are having difficulty keeping pace. Open-source software further complicates the patch cycle, especially when it is embedded, the report says.
More than 30% of SMB email servers operate on unsupported software. Despite email being the lifeblood of most organizations, almost one-third of the top email servers detected were running Exchange 2000, which has been unsupported for nearly 10 years, according to the report.
“While limited budgets and staff cause many organizations to underinvest in cybersecurity, forward-looking SMB leaders are finding cost-effective ways to be ‘security smart’ as they address cyber risks and respond to attacks,” Dhamankar said.
SMB security leaders can improve security for their organizations through: increasing visibility into their environments; reviewing implementation of security-related technologies for effectiveness; and implementing continuous, expert monitoring.