Page 60 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022

The Most Common Types of Cyberattacks Plaguing SMBs

            And How to Protect Against Them

            By Richard Clarke, Chief Insurance Officer, Colonial Surety



            The media landscape is dominated by headlines like “Hackers Target Cryptocurrency Companies in
            HubSpot Data Breach” and “Microsoft confirms it was breached by hacker group,” leading most to
            believe that cyberattacks and data breaches only afflict larger companies. The truth, however, is that
            small and midsized businesses (SMBs) are likely more vulnerable, as they generally have less protection
            and more limited budgets for managing the risk.

            Most SMB owners don’t know they are just as susceptible to a cyberattack as their larger counterparts.
            But, in fact, a recent report from IBM revealed that SMBs spend about $3M per breach, underscoring just
            how important it is for SMBs to take cybersecurity and cyber protection seriously.

            In order to understand the actions SMBs should take to best protect themselves, it’s important to first
            identify the types of cyberattacks they are most likely to face. With that, let’s quickly review three of the
            more common, ongoing types of cyberattacks facing SMBs.

               1.  Cyberextortion and Ransom Demands. Cyberextortion and ransom demands are among the
                   most common cyberattacks for SMBs. These scenarios involve an attack or threat coupled with
                   a demand for money, or some other response, in return for stopping or remediating an attack.
                   SMBs are particularly vulnerable to these types of attacks because they do not have the
                   protections that larger organizations do, nor do they have the budgets to ramp up their spending
                   in those areas.

               2.  Privacy-Related Violations. Privacy-related violations involve a cyberattack or data breach
                   that results in a hacker or cybercriminal gaining unauthorized access to a database or network
                   and stealing private information. Any business that warehouses, handles, or transfers personal
                   or corporate information has a potential exposure to this type of cyberattack.

               3.  Social Engineering Fraud. Social engineering fraud, also known as impersonation fraud,
                   is a particularly tricky threat for a business of any size. Unlike other common types of
                   cyberattacks, which exploit security vulnerabilities, social engineering fraud targets
                   employees by fraudulently impersonating a third party in an effort to deceive an employee into
                   releasing funds or property, generally via wire transfer. This is often done through email phishing.



            The aftershock

            If you think the attack itself is where the problem begins and ends, you would be wrong. Following an
            attack, there are aftershocks that can ripple for decades if a company is not properly prepared.









