Small and medium-sized enterprises are some of the largest targets for cyber attackers, and now analysts are warning that those attacks don’t have to be bold and big to make an impact.
New research from eSentire found that “rudimentary” cyberattacks on SMEs are some of the most dangerous. They include intrusion attempts, policy violations and information gathering, and analysts say these strategies now represent 63 percent of the threats that hit SMEs in 2016.
“Cyber criminals are attracted to easy targets because they are low-risk and high-reward and require little effort to execute,” said eSentire Director of Threat Intelligence Viktors Engelbrehts in a statement. “However, available evidence suggests that the majority of opportunistic cyberattacks against mid-sized businesses can be prevented by applying basic practice security principles.”
Researchers at eSentire analyzed cybersecurity data in 2016 and found that the time between March and April and between September and October is the most active for SME-targeting cybercriminals. June and July are the least active months, the report found.
Intrusion attempts accounted for nearly a third of all threats to SMEs, while exploiting a Shellshock vulnerability proved to be the most common tactic for cyberattacks.
“In 2016, the eSentire SOC detected almost 5 million attacks across hundreds of primarily small-to-medium organizations, spanning multiple industries,” added Engelbrehts. Overall, the data suggests cybercriminals are deploying “lower-level” attack campaigns. While they are a significant threat to SMEs, their strategy shift also means SMEs can more easily protect themselves against these tactics, analysts said.