Phishers are increasingly targeting micro, small and medium-sized enterprises while the vast majority of these businesses are still unaware of how vulnerable their own IT solutions are and how much damage an incident can cause. According to a recent survey, the greater part of small businesses do not pay enough attention to protection against phishing, and in most cases even the managers are unaware of the related dangers and costs.
Phishing attacks are one of the most common types of cyberattacks. These occur when cybercriminals send emails that appear to be legitimate but are actually designed to manipulate the recipient into providing sensitive information, clicking on a malicious link, or downloading a malicious attachment. Data released by international cybersecurity firms indicate that the number and severity of cyberattacks jumped significantly in 2021. SonicWall reported that the total number of ransomware attacks more than doubled in 2021 — jumping 105% during the year compared to 2020. CrowdStrike, meanwhile, disclosed that data leaks related to ransomware surged 82% in 2021, while the average ransom demand grew 36% to $6.1 million.
Underestimating the danger
The results of a recent cyber security -related survey conducted among Hungarian businesses is all the more worrying given the international backdrop. Some two-thirds of Hungarian companies think of security in terms of IT equipment and the protection of corporate and customer data, according to a recent survey of micro, small and medium-sized enterprises commissioned by Magyar Telekom and conducted by BellResearch. Businesses deem that the use of firewalls, anti-virus solutions, backups, as well as the protection of devices and electronic mail through passwords is sufficient to ensure the security of their operations. The same number of respondents believe that they cannot be the targets of malicious intent due to their size and 70% are convinced that they do not handle data that needs to be protected. In addition, 80% of companies indicated that they did not have data that could not be replaced in case of a data breach, believing that no incident involving data loss would pose an insurmountable challenge to the company's operations. The responses indicate that businesses underestimate both the degree of risk and the severity of an attack involving data loss. Furthermore, they do not take adequate responsibility to ensure the security of information about their business partners or even their customers.
Low sense of danger
The responses also indicated that there is an extremely low sense of threat among Hungarian businesses as only 20% of micro-enterprises and 30% of SMEs feel that their systems are at least moderately exposed to IT attacks and threats. To make matters worse, 60% of micro enterprises and 40% of SMEs try to solve IT and data security issues in-house, including the management of incidents involving data loss. Only about 10% of micro and small enterprises reported incidents of data loss, compared to 20% of medium and large enterprises. This lags far behind international experience.
In light of these responses, it comes as no surprise that three-quarters of micro and small businesses believe that their existing protection is sufficient, while even companies that are more aware of the related risks tend to underestimate them. This overconfidence leads to insufficient attention being paid to protection against phishing.
A common misconception among respondents (90%) is the assumption that protecting their IT assets will also protect their data. At the same time, about 42% of those surveyed had some sort of solution in place that specifically focused on protecting corporate and customer data. Half of the micro-enterprises found it sufficient to protect their PCs and laptops with software purchased when buying the devices themselves, while awareness is somewhat higher in the SME segment, where more than two-thirds of companies invest in security solutions. Most companies ignore the continuous maintenance and development of security solutions: less than 10% of micro-enterprises and only a quarter of SMEs constantly review their existing systems and look for up-to-date solutions.
“We feel it is important to equip smaller businesses against phishing attempts and malicious viruses. It is a good sign that more and more company executives are recognizing the need for this, but it also seems that there is still work to be done,” said István Iski, Telekom's Soho-SMB area director.
Wide range of tools
Phishers use a wide variety of tools and the range of these tools is constantly expanding. Although they operate online, it is typical for an attacker to use various tricks, such as messages that seem official, to trick their victim into sharing sensitive information, such as a bank account number, personal information, or passwords. A common type of incident involves bulk phishing that is an indiscriminate, ‘commodity’ attack in which the same email is sent to many people within an organization. A more sophisticated method used by attackers is to install malicious viruses (malware) on the inadequately protected devices of their victims. Such malicious software can lock devices or encrypt the data on them in order to extract money from the owner.
Whether it’s ransomware, business email compromise, or a variety of other threat types, email remains the No. 1 channel for cybercriminals to steal data and siphon billions each year.
Leave a Reply Cancel reply
Top 5 Articles
- L'Oréal Appoints New Managing Director in the Region January 6, 2025
- Gedeon Richter to Sell Chinese Biosimilar Product in Europe October 9, 2024
- 2024 Sustainable Future Awards Presented October 10, 2024
- New President at the American Chamber of Commerce December 11, 2024
- "Ziza, the First Year of a Poodle Puppy" July 25, 2024
No comment yet. Be the first!