ESET Report Uncovers SMB Cybersecurity Blind Spots: 7 in 10 Experienced a Breach in the Past Year
Cybercriminals are zeroing in on Small and Medium-sized Businesses (SMBs) with unprecedented precision. No longer just occasional targets, SMBs have become the prime focus of increasingly sophisticated cyber attacks. The ESET SMB Cybersecurity Report 2024 delivers a sobering reality check: Not only are cyber attacks on the rise, but they’re also growing more complex and cunning. With seven out of ten organisations across the Asia-Pacific (APAC) region reporting a cybersecurity breach or strong indications of a data security incident in the past year, the message is clear – SMBs need to elevate their cybersecurity strategies to stay ahead of the game.
The Growing Cybersecurity Threat Landscape
The ESET report shines a light on some alarming trends, none more so than the record surge in unseen malware and software vulnerabilities. To be clear, in 2023 alone, ESET detected over 500,000 new and unique malware instances daily.
Across the 365 days of a year, that amounts to roughly 182.5 million distinct malware instances. This unprecedented rise in malware is compounded by a record number of software vulnerabilities, with an average of 80 new vulnerabilities discovered each day. These vulnerabilities, if left unaddressed, provide cybercriminals with easy entry points to compromise systems, install malicious software, or steal sensitive data.
The threats SMBs face are as diverse as they are dangerous. Web-based attacks and data breaches top the list, with 31% of organisations reporting incidents. However, these attacks don’t hit everyone the same way. India, for instance, reported a significantly higher rate of web-based attacks at 42%, while Singapore struggled with Business Email Compromise (BEC) at 34%. And then there’s Malaysia, where ransomware is a growing menace, affecting 31% of organisations – echoing the global rise in ransomware as cybercriminals’ weapon of choice.
What’s Driving These Cybersecurity Incidents?
So, what’s leaving SMBs so vulnerable? According to the ESET report, inadequate security measures are the biggest culprit, cited by 44% of SMBs as the key factor in cybersecurity breaches. This underscores the need to invest in robust, comprehensive cybersecurity solutions. But that’s not the only issue. Another 39% of organisations pointed to critical or high-severity vulnerabilities in their software, while 37% identified system misconfigurations as a significant risk.
And let’s not forget the human factor – often the weakest link in the cybersecurity chain. Employees, despite being the first line of defence, can inadvertently open the door to cyber threats due to a lack of cybersecurity awareness or training. Take BEC attacks, for example. These attacks rely heavily on social engineering, tricking employees into transferring funds or sharing sensitive information. Even the most sophisticated technical defences can be rendered useless by a simple human error.
The Economic and Reputational Fallout for SMBs
A successful cyber attack can be catastrophic for SMBs – not just in terms of immediate financial losses, but also in terms of long-lasting reputational damage and operational disruption. The ESET report highlights some of the most significant concerns: Loss of data (28%), financial impacts (20%), and loss of customer confidence and trust (18%). For SMBs, which often operate on tighter margins, these impacts can be especially severe, potentially crippling their ability to recover from a major data breach or cyber incident.
The situation gets even more dire when you consider that a majority of SMBs in the APAC region would consider paying the ransom in the event of a ransomware attack. This highlights the desperate positions these businesses find themselves in when faced with losing access to critical data or systems. However, paying a ransom is no silver bullet – there’s no guarantee the decryption key will be provided, or that stolen data won’t be published. It’s a risky move, often fraught with long-term consequences.
Why Proactive Cybersecurity Measures Are Non-Negotiable
Given these risks, the ESET report stresses the importance of proactive cybersecurity measures. One of the most effective strategies for SMBs is to adopt a prevention-first approach, focusing on identifying and addressing vulnerabilities before they can be exploited. This approach includes utilising multilayered endpoint security software, bolstered by artificial intelligence and human expertise, to defend against advanced threats like ransomware and zero-day exploits.
But technology alone isn’t enough. SMBs need to make cybersecurity training a priority for their employees. Educating staff on how to spot phishing attempts, avoid online scams, and follow best practices for internet use can drastically reduce the likelihood of a successful cyber attack. The ESET report also advises implementing multi-factor authentication and regular software updates as key components of a comprehensive cybersecurity strategy. These measures can help block unauthorised access and ensure that any vulnerabilities are patched promptly.
The Path to Long-Term Resilience
The good news is that many SMBs are already taking steps to strengthen their cybersecurity posture. More than half of the organisations surveyed have conducted risk audits and invested in additional cybersecurity training following a breach or incident. Looking ahead, 40% of respondents expect to increase their cybersecurity spending over the next 12 months, with more than 35% anticipating a substantial boost of over 60%. This signals a growing recognition among SMBs of the importance of cybersecurity and their willingness to invest in the necessary tools and resources to protect their businesses.
Advanced technologies like Extended Detection and Response (EDR), cloud-based cybersecurity management, and vulnerability and patch management are among the solutions SMBs are looking to adopt. These tools let SMBs detect and respond to threats in real time, and identify and address vulnerabilities before they can be exploited.
Prevention Is the Best Defence?
In today’s digital landscape, SMBs can’t afford to play defence. The findings from the ESET SMB Cybersecurity Report 2024 make it clear: A proactive, prevention-first strategy is essential to stay ahead of the ever-evolving threat landscape. Investing in comprehensive cybersecurity solutions, prioritising employee training, and staying vigilant against emerging threats will not only help SMBs protect their businesses from cyber attacks but also position them for long-term success in an increasingly digital world.
After all, some might agree that prevention is the best form of defence.