ATSI Blog

Network Security: SMBs in the Crosshairs of Cybercriminals

Posted on May 3, 2024 by ATSI Content Team

In today’s digital-first world, network security has become a critical concern for businesses of all sizes.

Recent high-profile cyber-attacks, such as the 2021 Colonial Pipeline and 2023 MGM Grand ransomware incidents, have highlighted the severe consequences of cybersecurity breaches.

“Today marks two years since a watershed moment in the short but turbulent history of cybersecurity. On May 7, 2021, a ransomware attack on Colonial Pipeline captured headlines around the world with pictures of snaking lines of cars at gas stations across the eastern seaboard and panicked Americans filling bags with fuel, fearful of not being able to get to work or get their kids to school. This was the moment when the vulnerability of our highly connected society became a nationwide reality and a kitchen table issue,” America’s cyber defense director Jen Easterly said last May.

Just months later, a ransomware attack on MGM Resorts cost the company more than $100 million in lost revenue.

While these major incidents made headlines, small and medium businesses (SMBs) are increasingly finding themselves in the crosshairs of cybercriminals looking to exploit vulnerabilities in their defenses.

SMBs that fail to prioritize cybersecurity face a range of risks, including sensitive data exposure, costly downtime, reputational damage, and legal liability.

The Growing Threat Landscape

According to the National Cyber Security Alliance, one in five small businesses falls victim to hackers each year.

The Ponemon Institute reports that the average global cost of a data breach reached $4.35 million in 2022, a 2.6 percent increase from the previous year. In the United States, the average cost was even higher at $9.44 million.

Cybercrime has evolved significantly since the early days of lone hackers working in isolation. Today, sophisticated nation-state actors and organized crime groups leverage advanced tactics and tools to carry out large-scale attacks.

With over 5 billion internet users worldwide and the global cost of cybercrime projected to reach $10.5 trillion annually by 2025, no business is too small to be a target.

The rapid shift to remote work during the COVID-19 pandemic has further expanded the attack surface, with the FBI reporting a staggering 400 percent increase in cyberattacks in 2020 alone.

SMBs: Low-Hanging Fruit for Hackers

In 2021, it was estimated that a business fell victim to a ransomware attack every 11 seconds, and some estimates now project that the interval will shrink to one ransomware attack every 2 seconds by 2031.

The Verizon 2023 Data Breach Investigations Report reveals that SMBs (fewer than 1,000 employees) accounted for more incidents (699 total, with 381 confirmed data disclosures) than larger businesses (more than 1,000 employees), which reported 496 incidents with 227 confirmed data disclosures.

Attackers often view smaller organizations as low-hanging fruit, as they typically lack the robust defenses, monitoring capabilities, and dedicated security teams that larger enterprises have in place.

The Verizon report's findings on attacks targeting SMBs include the following details:

  • Top Patterns: System intrusion, social engineering, and basic web application attacks represent 92 percent of breaches.

  • Threat Actors:
    • External 94 percent.
    • Internal 7 percent.
    • Multiple 2 percent.
    • Partner 1 percent.

  • Actor Motives:
    • Financial 98 percent.
    • Espionage 1 percent.
    • Convenience 1 percent.
    • Grudge 1 percent.

  • Data Compromised:
    • Credentials 54 percent.
    • Internal 37 percent.
    • Other 22 percent.
    • System 11 percent.

The consequences of a successful cyber-attack can be devastating for SMBs.

Beyond the direct costs of responding to the breach, such as hiring incident response experts and rebuilding compromised systems, businesses face a host of indirect expenses. These can include:

  • Regulatory fines for compliance failures (e.g., under GDPR or CCPA).
  • Legal fees and settlement costs from lawsuits filed by affected customers.
  • Long-term damage to the company's reputation and customer trust.

Although the average time to identify and contain a breach has fallen to 204 days, attackers still have more than six months on average to silently exfiltrate sensitive data before being detected, compounding the potential impact.

“When responding to social engineering attacks (and the same could be said of most attacks), rapid detection and response is key,” said the Verizon report.

Emerging Threats and Attack Vectors

As cybercriminals continue to evolve their tactics, SMBs must stay vigilant against a growing array of threats.

Supply chain attacks, such as the Kaseya ransomware incident, enable hackers to compromise dozens or even hundreds of organizations by breaching a single third-party vendor. This underscores the importance of vetting and monitoring the security practices of all partners and service providers.

Ransomware operators have also adopted more aggressive "double extortion" tactics, exfiltrating sensitive data before encrypting systems and threatening to release it publicly if the ransom is not paid.

This puts SMBs in the difficult position of either paying the attackers or risking the exposure of confidential customer and employee information.

The rapid shift to remote work during the pandemic also created new vulnerabilities, as many SMBs struggled to secure their expanded network perimeters and endpoints. Attacks exploiting weaknesses in remote access systems, VPNs, and cloud services skyrocketed and are likely to remain a primary threat vector for the foreseeable future.

Looking ahead, the rise of 5G networks, the Internet of Things (IoT), and AI-enabled cyber-attacks presents new challenges that SMBs must prepare for. As more devices connect to corporate networks and AI is used to automate and scale attacks, the potential impact of a breach will only continue to grow.

Cybersecurity Best Practices for SMBs

To defend against this growing onslaught of threats, SMBs must adopt a proactive, multi-layered approach to cybersecurity. This should include:

  • Regular cyber awareness training for employees.
  • Implementing multi-factor authentication across all systems.
  • Deploying endpoint detection and response (EDR) and managed detection and response (MDR) solutions.
  • Conducting frequent vulnerability scans and penetration tests.
  • Developing and testing incident response and disaster recovery plans.
  • Maintaining offline, encrypted backups to mitigate ransomware risks.
  • Investing in cyber insurance to help cover the costs of a potential breach.

At ATSI, we understand that cybersecurity is not a one-size-fits-all proposition.

Our experts work closely with SMBs to assess their unique risk profiles and develop customized defense strategies, such as VPNs and virtual disaster recovery and business continuity solutions, aligned with their specific business needs and budgets.

Don't wait until it's too late. Contact ATSI today to start your journey towards a more secure future.

Topics: Internet Safety, Ransomware