Cybercriminals narrow their focus on SMBs: Acronis Report

According to the recent cyberthreats mid-year report by Acronis, the company warns that small and medium-sized businesses (SMBs) are at particular risk based on the attack trends seen during the first six months of the year.

The research revealed that four out of every five businesses had a cybersecurity breach in the first half of 2021 as a result of a weakness in their third-party vendor ecosystem. That comes as the average cost of a data breach has risen to about $3.56m, and the typical ransomware payment has risen by 33 per cent to more than $100,000.

While it would be a significant financial impact for any organisation, such figures would spell the end for most SMBs, according to Acronis, who believes is a major concern for the second half of 2021.

“While the increase in attacks affects organisations of all sizes, something that’s under-reported in the coverage of current cyberthreat trends is the impact on the small business community,” explained Candid Wüest, Acronis VP of cyber protection research. “Unlike larger corporations, small and medium-sized companies don’t have the money, resources, or staffing expertise needed to counter today’s threats. That’s why they turn to IT service providers – but if those service providers are compromised, those SMBs are at the mercy of the attackers.”

By utilising supply-chain attacks against managed service providers (MSPs), attackers gain access to both the MSP business and all of its clients. As seen in the SolarWinds breach last year and the Kaseya VSA attack earlier in 2021, one successful attack means they can breach hundreds or thousands of SMBs downstream.

Read: Human factor report reveals how 2020 transformed today’s threat landscape

Phishing attacks are also on the rise, according to the Acronis. Phishing emails increased 62 per cent from Q1 to Q2 by using social engineering tactics to mislead naive users into downloading harmful files or links. That spike is of particular concern since 94 per cent of malware is delivered by email.

In 2020, more than 1,300 victims of ransomware had their data publicly leaked following an attack, as cybercriminals look to maximise the financial gain from successful incidents. During the first half of 2021, more than 1,100 data leaks have already been published – which projects a 70 per cent increase for the year.

Also, remote workers continue to be a prime target. The reliance on remote workers continues in the wake of the pandemic. Two-thirds of remote workers now use work devices for personal tasks and use personal home devices for business activities. As a result, attackers have been actively probing remote workers. Acronis observed more than twice the number of global cyberattacks, with a 300 per cent increase in brute-force attacks against remote machines via RDP.