The 2024 Sophos Threat Report published this week highlights how cybercrime disproportionally targets small businesses and hits them the hardest. Small organizations are typically more vulnerable to cyber attacks and thus suffer more from the impact of an attack. According to the report, ransomware, followed by business email compromise (BEC), continues to be the greatest threat to smaller organizations and also packs the biggest punch. Likewise, the Mimecast State of Email & Collaboration Security 2024 (SOECS) report indicates that social engineering is today’s biggest cybersecurity gap and continues to remain largely unaddressed. Social engineering tactics are also becoming more sophisticated generally, with attackers being more likely to actively engage using a thread of emails and responses making their lures more convincing. In addition, BEC attacks nearly doubled in 2023 according to Mimecast.
Both reports provide a common theme present in the current state of cyber threats affecting smaller organizations – while attackers are using more sophisticated social engineering tactics coupled with ransomware, smaller organizations are less likely to have proper cybersecurity defenses in place leaving them substantially more vulnerable.
Data is the prime target.
The reports also show that cybercriminals are chiefly interested in data. The Sophos report indicates that more than 90% of attacks reported by customers involved data or credential theft in one way or another. Attacks will almost always begin with some form of social engineering tactic, which is usually phishing, which will then deploy some form of malware to steal data– often ransomware. Stolen data/credentials can then be sold to other criminals with additional malicious intent. To help increase user awareness of the social engineering tactics designed to trick them, members may wish to consider having employees participate in this upcoming event hosted by the Small Business Administration on “Combatting Social Engineering Attacks.”
For additional insight into the Sophos and Mimecast reports, access Help Net Security and IT Security Guru.
Additional Resources:
