How often do cyber attacks happen to small and midsized businesses?

Professional woman working at a desktop computer at an SMB known to be especially vulnerable to cyber attacks

Cyber attacks have accelerated in the past couple of years, growing both in volume and sophistication, with an attack happening every 36 seconds (2,244 times per day).

Why? The pandemic has been a catalyst for massive digital transformation in how people work, shop, consume entertainment, and do almost everything else. Put simply, people are doing more online, making cyber crime more attractive for an increasing number of malicious actors.

SMBs Are Especially Vulnerable

Small and midsized businesses (SMBs), especially their IT functions, now confront unprecedented vulnerabilities as they support their flexible, digital-first workforces as well as their digital-first customers.

Cyber attackers are looking to exploit both technical/system vulnerabilities and human vulnerabilities. In fact, according to Verizon's 2022 Data Breaches Investigations Report, the overwhelming majority of data breaches (82%) involve a human element, such as phishing, stolen credentials, or human error.

SMBs are highly attractive targets for cyber crime because, according to the U.S. Small Business Administration, they not only have sensitive data hackers want to steal but “they [also] typically lack the security infrastructure of larger businesses to adequately protect their digital systems for storing, accessing, and disseminating data and information.”

Being considered a “soft target” by malicious actors is a bad place for SMBs to be. How is this impacting IT leaders at SMBs? Here are some relevant insights from IDG*:

  • Two thirds of IT leaders (67%) say time spent mitigating cyber attacks has increased.
  • More than two thirds (68%) of IT leaders say their organizations are highly concerned about the possibility of a data breach.
  • More than eight in ten IT leaders (82%) consider it challenging to avoid cyber threats with current technology.

What IT Leaders Want: More Security-Related Features

When IT leaders at SMBs evaluate IT solutions for supporting both their flexible workforces and their customers, security-related features are of the utmost importance to them. IDG reports that*:

The vast majority of IT leaders, 88%, would consider it highly valuable to require agents to reauthenticate before modifying or creating potentially sensitive automated tasks in their IT support tools.

Almost 6 in 10 IT leaders (58%) indicate that permission-based support with end-to-end encryption and the ability to enable multi-factor authentication (MFA) and single sign-on (SSO) is a top priority when considering support tools.

SMBs: Doing MORE About Cyber Security Risks

SMB IT leaders recognize that the pandemic-driven transition to more flexible ways of working (i.e., remote and hybrid work) has created more cyber risk for them to manage and build resilience/protection against. It should come as no surprise then that 85% of organizations said they plan to increase cybersecurity resilience, according to Frost & Sullivan research commissioned by GoTo.

The specific ways organizations build their resilience against cyber attacks can differ, of course: 58% of organizations said they would increase resilience by upgrading their existing IT solutions, while 32% are seeking to change their current IT provider(s) to improve cyber security, according to the report.

Cyber Security Solutions for SMBs

Yes, you’re going to have to train your people on ways to protect themselves (and your SMB) against common cyber attacks, such as phishing, but you’ll also need the right technology with built-in cyber security safeguards to keep your business safe as you support remote and flexible work.

What to look for:

Zero trust security identity-based access control for an added layer of security for your managed devices and business overall.

This should be at the top of your list, for good reason. Remote access and execution—or IT automation—are high-value targets for malicious actors. Zero trust security requires reauthentication for any sensitive actions taken on your endpoints.

GoTo Resolve is actually the only remote monitoring and management software currently offering truly zero trust security architecture.

Audit capabilities, such as robust reporting and activity logs along with forced in-session recording so there is complete transparency in when devices were accessed and what was done.

Data encryption using government-approved 256-bit Advanced Encryption Standard (AES) and Transport Layer Security (TLS).

Multifactor authentication (MFA) or SSO (single sign-on), to add another level of security for your accounts to make credential attacks extremely difficult.

Bottom line? The risks of cyber attacks against SMBs are growing, along with increased digital vulnerabilities brought about by flexible ways of working (remote and hybrid). Fortunately for IT leaders at SMBs, GoTo Resolve, with its zero trust security architecture and other in-depth security measures, is here to protect and serve. Get GoTo Resolve, free.

*Source: IDG, The State of SMB IT Support: How to Empower and Secure the Hybrid Workforce, January 2022.