Cyberattacks represent a serious problem for small to medium-sized businesses (SMBs).

Consider that in 2019, 43% of attackers went after small businesses, and in 2021, 60% of SMBs said they were victimized by a cyberattack.

Even more worrisome? For small and midsize businesses, cyberattack impacts go beyond downtime, lost data and reduced consumer trust. According to the U.S. Securities and Exchange Commission, up to 60% of SMBs are forced to close within six months of a cyberattack.

But it’s not all bad news. While security threats remain a key concern for SMBs, greater awareness of potential problems has set the stage for a more effective response.

In this piece, we’ll consider what makes SMBs such tempting targets, tackle what’s changed for these companies and explore how giving security a seat at the table can reduce total risk.

Small Businesses, Tempting Targets

Large enterprises often seem like the more logical target for attackers, given the potential payout and the complexity of their IT stack. However, SMBs have actually become top-priority targets for attackers.

Three factors explain why threat actors habitually go after SMBs.

1. Reduced Awareness and Protection

Many small businesses can’t afford large, in-house IT teams. In some cases, they may have a team of one or two staff handling all tech concerns for the entire organization, or they may contract out this work to a third party. In other instances, non-tech staff may share the burden of trying to keep security on track.

The result is an ideal environment for attackers. Not only are many SMBs missing core security solutions such as security information and event management (SIEM) frameworks, but they may also be missing intrusion detection and next-generation firewall (NGFW) tools. And in some cases, SMBs haven’t even taken the steps to implement simple security measures such as two-factor authentication, which could help frustrate common threats.

2. High Value-to-Effort Ratio

SMBs are also tempting targets thanks to a high value-to-effort ratio. For attackers, the low bar for compromising security means an attack requires minimal effort, while the payoff could be substantial if they can access critical data.

Consider an attacker who successfully phishes an SMB owner. Armed with legitimate credentials, they could access business networks to steal intellectual property and financial data, or encrypt critical operational data using ransomware.

Even if the ransomware payout isn’t much — tens of thousands compared to possible millions in the case of enterprises — the bar is so low that the effort is worth the earnings.

3. Lower Chance of Repercussions

Finally, attackers are less likely to get caught while attempting to breach SMB networks. Owing to the lack of security tools in place, the time between intrusion and detection is substantial. This may even allow adversaries to slip in and out unnoticed. The lack of existing defenses also increases the risk of attackers deploying advanced persistent threats (APTs) to monitor user behavior and select their ideal strike point.

What are SMBs Doing Differently?

So what’s different? What are SMB owners doing now that they weren’t doing last year or the year before?

Put simply, they’re paying attention. As noted by recent survey data, 67% of SMBs are more worried about IT security than last year. And this isn’t just an academic concern; these businesses are spending more to reduce their security risk. Consider that in 2021, just 32% of SMBs were investing the recommended 6-15% of their IT budget into cybersecurity. One year later, 68% of companies align with these recommendations. 46% plan to keep their spending the same over the following year, and 48% plan to increase their spending.

The result is an SMB market that sees the impact of cybersecurity threats both at scale and closer to home. This market is finally taking its security seriously by investing time and effort into key controls and skilled personnel.

In other words, they’ve taken the first step to solving the security problem: acknowledging there is one.

Giving Security a Seat at the Table

Effective SMB security is all about table stakes.

In practice, this means identifying and implementing basic security tools and controls that help keep attackers at bay, coupled with an increased operational awareness of business vulnerabilities.

It’s certainly worthwhile for SMBs to consider more advanced threat detection and intelligence solutions. However, adopting basic cybersecurity hygiene practices is often enough to frustrate attacker efforts. Here’s why: Threat actors are all about low-hanging fruit. Consider the rise of Ransomware-as-a-Service (RaaS), which sees skilled attackers creating and then selling malware packages to less-skilled users.

These packages are ideal for compromising poorly protected SMB networks since they require minimal configuration and monitoring. But if businesses implement table stakes security tools that let them detect common threat vectors, the path to network compromise becomes more complicated. This, in turn, helps SMBs avoid simple attacks.

When it comes to more complicated threats, meanwhile, the use of intrusion detection tools coupled with regular assessments of security posture and examination of security data can help companies act before it’s too late. For example, by partnering with a leading managed security services provider — such as IBM — SMBs can detect the telltale signs of attacks on their networks and take action to reduce the impact. In addition, they can pinpoint common threat vectors and deploy targeted solutions to address the risk.

SMB Security: Going Up!

By seeing security as essential for both short-term survival and long-term business, SMBs have reached a tactical tipping point. This increased awareness has led to a commensurate boost in security budgets, putting small businesses in a better position to detect, identify and frustrate attacker efforts.

While this isn’t a magic bullet — attacks will still get through and data is still at risk — the upward trajectory of table-stakes spending suggests that SMB cybersecurity may (finally) be changing for the better.
