SPOT Cybersecurity Tip: Sophos Threat Report for SMBs

Check out more SPOT Cybersecurity Tips!
Click to read more SPOT Cybersecurity Tips!

In our last issue of SPOT Cybersecurity Tips, we provided you with lessons learned from the latest Verizon Data Breach Investigations Report, which is based on real-world stats mostly from enterprise IT teams. This issue we dive into the latest Sophos Small Business Threat Report. Based on the latest Sophos threat research, we see that ransomware continues to have the greatest impact on smaller organizations. But other threats also pose an existential threat to small businesses:

  • Data theft is the focus of most malware targeting small and medium businesses—password stealers, keyboard loggers, and other spyware made up nearly half of malware detections. Credential theft through phishing and malware can expose small businesses’ data on cloud platforms and service providers, and network breaches can be used to target their customers as well.
  • Attackers have stepped up the use of web-based malware distribution—through malvertising or malicious search engine optimization (“SEO poisoning”)—to overcome difficulties created by the blocking of malicious macros in documents, in addition to using disk images to overwhelm malware detection tools.
  • Unprotected devices connected to organizations’ networks—including unmanaged computers without security software installed, improperly configured computers and systems running software fallen out of support by manufacturers—are a primary point of entry for all types of cybercrime attacks on small businesses
  • Attackers have turned increasingly to abuse of drivers—either vulnerable drivers from legitimate companies or malicious drivers that have been signed with stolen or fraudulently obtained certificates—to evade and disable malware defenses on managed systems.
  • Email attacks have begun to move away from simple social engineering toward more active engagement with targets over email, using a thread of emails and responses to make their lures more convincing
  • Attacks on mobile device users, including social engineering-based scams tied to the abuse of third party services and social media platforms, have grown exponentially, affecting individuals and small businesses. These range from business email and cloud service compromise to pig butchering (shā zhū pán (殺豬盤)) scams.

Concerned about your cybersecurity risk? Reach out for a complimentary Cybersecurity Discovery Call to learn more about possible solutions.