When it comes to cyberattacks as a whole, hackers don’t really differentiate between small and medium businesses (SMBs) and enterprises (organizations with more than 1,000 employees). However, when it comes to spreading ransomware specifically, they are more attracted to enterprises, new research has claimed.
Netwrix’s latest 2023 Hybrid Security Trends Report states that among organizations of all sizes, 68% have suffered cyberattacks in the past 12 months.
For ransomware, the stats are somewhat different: 48% of enterprises experienced this type of attack in the last year, compared to 37% of organizations of all sizes. Malware attacks appear to be less common in the cloud, with only a fifth (21%) of enterprise survey respondents saying they experienced one such attack.
Big operations = big expenses
For Dmitry Sotnikov, Vice President of Product Marketing at Netwrix, targeting enterprises makes sense, as these organizations are capable of large payouts, and with ransomware operators, it’s all about profits.
“Ransomware operators want to maximize their profits, so they keep in mind which organizations are best able to pay a ransom to minimize business downtime — the larger the organization, the higher the cost of operational disruption,” he said.
“On the other hand, large organizations have more tools to detect an attack that might go unnoticed for small and medium businesses. In addition, companies have a larger infrastructure with more endpoints that statistically increase the chance of a security incident.”
The next part of the report is very much in line with this: the enterprise sector has faced greater expenses due to cyberattacks than small and medium-sized businesses. For a quarter (28%) of these companies, financial damages were north of $50,000. The average for companies of all sizes is 16%.
Small businesses often downplay the risk of being attacked, arguing that cybercriminals tend to target enterprises because they store more intellectual property (IP) and other sensitive data. “But our survey shows that organizations suffer cyberattacks with similar frequency regardless of their size,” says Dirk Schrader, Vice President of Security Research at Netwrix.
“Every organization has valuable data, such as customer and employee information, and is therefore a target for attackers. Moreover, small and medium-sized businesses are not just a target on their own but as a way to reach the larger companies whose services they consume.”
Next to Business Email Compromise (BEC), ransomware is the most common form of cyberattack, and in recent years it has developed into an entire industry. Some threat actors act as service providers, offering to encrypt networks that have previously been compromised by other groups. There are also groups that act as negotiators, trying to get the best value for the data stolen in the attack, as well as for decryption.
Law enforcement agencies advise against paying the ransom demand, as there is no guarantee that hackers will provide a decryption tool, or that the program will work as intended. There’s also no guarantee that stolen data won’t make it to the dark web anyway, and no guarantee that the company won’t be attacked again.
Instead, companies are advised to tighten cyber security, create strong backups, and educate their employees on the risks of phishing and social engineering attacks.