SMBs becoming prime cyber attack targets according to the Acronis Cyberthreats Report mid-year update
- Published: Tuesday, 10 August 2021 08:47
Acronis has released its Cyberthreats Report Mid-year 2021 update, an in-depth review of the cyber threat trends the company’s experts are tracking. The report warns that small and medium-sized businesses (SMBs) are at particular risk based on the attack trends seen during the first six months of the year. Despite the perception they are too small to target, SMBs are increasingly vulnerable due to supply-chain attacks and greater use of automation by ransomware groups
The report revealed that during the first half of 2021, four out of five organizations experienced a cyber security breach originating from a vulnerability in their third-party vendor ecosystem. That’s at a time when the average cost of a data breach rose to around $3.56 million, with the average ransomware payment jumping 33 percent to more than $100,000.
“While the increase in attacks affects organizations of all sizes, something that’s under-reported in the coverage of current cyber threat trends is the impact on the small business community,” explained Candid Wüest, Acronis VP of Cyber Protection Research. “Unlike larger corporations, small and medium-sized companies don’t have the money, resources, or staffing expertise needed to counter today’s threats. That’s why they turn to IT service providers – but if those service providers are compromised, those SMBs are at the mercy of the attackers.”
By utilizing supply-chain attacks against managed service providers (MSPs), attackers gain access to both the MSP business and all of its clients. One successful attack means they can breach hundreds or thousands of SMBs downstream.
The Acronis Cyberthreats Report Mid-year 2021 also noted:
- Phishing attacks are rampant. Using social engineering techniques to trick unwary users into clicking malicious attachments or links, phishing emails rose 62 percent from Q1 to Q2. That spike is of particular concern since 94 percent of malware is delivered by email. During the same period, Acronis blocked more than 393,000 phishing and malicious URLs for clients, preventing attackers from accessing valuable data and injecting malware into the client’s system.
- Data exfiltration continues to increase. In 2020, more than 1,300 victims of ransomware had their data publicly leaked following an attack, as cybercriminals look to maximise the financial gain from successful incidents. During the first half of 2021, more than 1,100 data leaks have already been published – which projects a 70 percent increase for the year.
- Remote workers continue to be a prime target. The reliance on remote workers continues in the wake of the COVID-19 pandemic. Two-thirds of remote workers now use work devices for personal tasks and use personal home devices for business activities. As a result, attackers have been actively probing remote workers. Acronis observed more than twice the number of global cyber attacks, with a 300 percent increase in brute-force attacks against remote machines via RDP.
Obtain a copy of the full Acronis Cyberthreats Report Mid-year 2021 here (PDF).