By Kevin Reed, Acronis CISO
Cyberthreats, and ransomware in particular, have generated considerable news coverage this year. The attack on the Colonial Pipeline resulted in widespread gasoline shortages and mass transit disruptions, while a strike against JBS disrupted supply chains worldwide.
We are not only seeing troubling new developments in the threat landscape from the first half of the year: It’s also clear that SMBs are now at significant risk — and service providers must react.
SMBs face greater risks than ever before
SMBs may feel safe in the supposition that they’re “too small to target.” In reality, they’re increasingly vulnerable due to increases in attack automation and supply-chain attacks against their IT service providers. Cybercriminals are eagerly targeting managed service providers (MSPs) in a bid to compromise scores of their clients at once. For most SMBs, just one such incident could sound their death knell.
During the first half of 2021, four out of five organizations experienced a cybersecurity breach that originated from a vulnerability in their third-party vendor ecosystem. During that same period, the average cost of a data breach rose to around $3.56 million, and the average ransomware payment topped $100,000 — a 33% jump. While these figures would be a significant financial hit for any company, they’re simply fatal for the average small or medium business.
Here are a few more of our key findings from the Acronis Cyberthreats Report Mid-year 2021:
· Phishing attacks are rampant. The use of social engineering techniques to trick unwary users into clicking malicious email attachments or links rose 62% from Q1 to Q2. That spike is of particular concern since 94% of malware is delivered by email.
· Data exfiltration continues to increase. Last year, more than 1,300 ransomware victims had their data publicly leaked after an attack. Cybercriminals are looking to maximize their financial gain, and these tactics increase the pressure on victims to pay up. During the first half of 2021, more than 1,100 data leaks have already been published — at this rate, we’ll be looking at a year-end increase of 70% over 2020.
· Remote workers continue to be a prime target. The COVID-19 pandemic drove a major shift to remote-first work that continues today. Two-thirds of remote workers now use work devices for personal tasks and use personal home devices for business activities — and attackers have taken note.
SMBs turn to IT service providers because they lack the resources or technical expertise needed to counter today’s rapidly evolving cyberthreats. As an MSP, your clients depend on you not only to turn to solutions that effectively defend against cutting-edge attacks, but also to stay abreast of the latest developments in the cyberthreat landscape and react accordingly.