We’re Hiring! – Come Join Us

More than 40% of SMBs have been impacted by cybersecurity breaches

Organizations of all sizes are vulnerable to cybersecurity breaches. However, small and medium businesses (SMBs), for many reasons, can be an easy target for bad actors.

SMBs are a tempting target

There are a few reasons why small and mid-sized organizations are both tempting and vulnerable targets for cyber criminals. First of all, many of these businesses utilize vendors that provide managed services on their behalf. A bad actor can hit one of these managed service providers and impact many small organizations at once. 

SMBs also tend to rely on free and built-in security tools included with existing products rather than investing in dedicated security technologies. With limited resources, it is common for there to be a lack of focus on cybersecurity. 

Small Business Insights report

Recently, a poll conducted by Intuit Quickbooks collected feedback from 2,031 small and medium business owners in the United States. These organizations employ up to 100 people and have more than $5,000 in revenue annually. They were a combination of brick-and-mortar, omni-channel, multi-channel, and mainly online businesses.

When surveyed about current business concerns, half of the businesses stated rising costs while the other half cited the economy. One-third of respondents mentioned supply chain problems as an ongoing concern as well as cash flow. 23% of survey respondents also cited cybersecurity threats. Additional issues for small to mid-sized businesses included lack of funding, skills shortages, employee retention, low consumer demand, and lower-priced competitors. 

With a focus on cyber attacks, more than 40%, 42% to be exact, of surveyed businesses acknowledged that they had suffered a cybersecurity breach. Specifically, malware was the most common type of attack followed by phishing, data breaches, DDoS (distributed denial-of-service) attacks, and ransomware. 

How to protect SMBs

SMBs that want to enhance their cybersecurity measures should consider implementing tactics including but not limited to:

  • Utilizing multi-factor authentication
  • Investing in end-point detection and attack response tools
  • Exploring identity and access management tools
  • Considering the strategy of prevention instead of reaction and recovery
  • Reviewing permissions to sensitive information
  • Implementing hardware security keys

Share this article