Five Reasons Hackers are Targeting SMEs

Written by

Larger organizations dominate the headlines when it comes to cyber-crime, but it is the small and medium-sized enterprises that are becoming the primary targets and are bearing the brunt of most attacks. Smaller businesses are being hit with seven million cyber-attacks a year, which is costing the UK economy an astonishing £5.3 billion annually.

Just this month a new report from the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) says that the last year “has been punctuated by cyber-attacks on a scale and boldness not seen before.” So, why are hackers targeting SMEs and what can they do to protect themselves from this growing spectre of cybercrime?   

SMEs are low-hanging fruit – make yourself less easy to target with UTM
Smaller enterprises are generally quite complacent about security. Due to the size of their operations, they tend to assume they are safe from malicious attacks when in reality, it’s quite the opposite. Smaller businesses are more at risk of successful cyber-attacks than larger ones as they often lack the budget and expertise to implement effective cybersecurity strategies. A recent report by Barclaycard revealed that only 20% of organizations believe cybersecurity to be a top business priority, suggesting why they are a prime target for hackers.  

These SMEs need to ensure that they remain one step ahead of cybercriminals, and should seek advice from cybersecurity professionals and invest in protection policies. Investing in and adopting Unified Threat Management (UTM) solutions will offer them better protection against the growing number of threat vectors.  

SMEs can be the ‘gateway’ to larger organizations

Larger companies are often harder to penetrate as they have sophisticated security defenses in place. As many SMEs are connected electronically to the IT systems of larger partner organizations, it provides an inroad to the ‘big names’ and their valuable data. Hackers clearly go small to win big but if found to be the flaw in a large organization’s security defense, small businesses could suffer catastrophic reputational and financial damage.

SMEs are vulnerable to ransom requests – shore up your defenses and train your staff
SMEs are in a vulnerable position when it comes to cyber-attacks, in the sense that a ransomware request could put them out of business overnight. With their business at stake, victims of ransomware often feel they have no option but to acquiesce to such requests.

Arguably SMEs have no-one else to blame but themselves: by not keeping their employees abreast of security concerns and issues, they are leaving themselves vulnerable to ransomware and phishing. Node4 research reveals that the biggest internal threat to a business is the human element, through errors made by employees. Companies need to educate their staff on the evolving threat landscape and the potential threats of opening unsolicited email attachments, for example.

SMEs are vulnerable to the rise in CEO fraud – use alternate systems to dual-authorize

Businesses are also falling victim to the latest in a new generation of cyber-attacks, CEO fraud, with almost 40% of targets being SMEs according to Symantec research. CEO fraud involves hackers designing and sending a fraudulent email to an employee, posing to be the CEO of the company.

They use a domain name that appears similar to the target’s to scam the employee, with the email typically requesting sensitive company information or money transfers, which, of course, ends up in the hacker’s bank account.

By introducing dual authorization procedures, SMEs can detect CEO fraud quickly and easily, and can protect their organization from such attacks. Most SMEs have internal messaging tools, such as Slack or Skype for Business, that are more difficult to compromise. Companies should use such platforms to verify the authenticity of a payment request. Having a second pair of eyes overlooking the request can make all difference and could potentially save your business huge amounts of money.

What’s hot on Infosecurity Magazine?