Page 60 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
The Most Common Types of Cyberattacks Plaguing SMBs
And How to Protect Against Them
By Richard Clarke, Chief Insurance Officer, Colonial Surety
The media landscape is dominated by headlines like “Hackers Target Cryptocurrency Companies in
HubSpot Data Breach” and “Microsoft confirms it was breached by hacker group,” leading most to
believe that cyberattacks and data breaches only afflict larger companies. However, the truth is that small
and midsized businesses (SMBs) are likely more vulnerable, as they generally have less protection and
more limited budgets for managing the risk.
Most SMB owners don’t know they are just as susceptible to a cyberattack as their larger counterparts.
But, in fact, a recent report from IBM revealed that SMBs spend about $3M per breach, underscoring just
how important it is for SMBs to take cybersecurity and cyber protection seriously.
In order to understand the actions SMBs should take to best protect themselves, it’s important to first
identify the types of cyberattacks they are most likely to face. With that, let’s quickly review three of the
more common, ongoing types of cyberattacks facing SMBs.
1. Cyberextortion and Ransom Demands. Cyberextortion and ransom demands are among the
most common cyberattacks for SMBs. These scenarios involve an attack or threat coupled with
a demand for money, or some other response, in return for stopping or remediating an attack.
SMBs are particularly vulnerable to these types of attacks because they do not have the
protections that larger organizations do, nor do they have the budgets to ramp up their spending
in those areas.
2. Privacy-Related Violations. Privacy-related violations involve a cyberattack or data breach
that results in a hacker or cybercriminal gaining unauthorized access to a database or network
and stealing private information. Any business that warehouses, handles, or transfers personal
or corporate information has a potential exposure to this type of cyberattack.
3. Social Engineering Fraud. Social engineering fraud, which can also be known as
impersonation fraud, is a particularly tricky threat for businesses of any size. Unlike other common
types of cyberattacks that exploit security vulnerabilities, social engineering fraud targets
employees by fraudulently impersonating a third party in an effort to deceive an employee into
releasing funds or property, generally via wire transfer – this is often done through email phishing.
The aftershock
If you think the attack itself is where the problem begins and ends, you would be wrong. Following an
attack, there are aftershocks that can ripple for decades if a company is not properly prepared.