These SMBs are hot threat targets but they're shrugging off security help
They may be hot targets of cybercriminals, but small and mid-sized businesses (SMBs) are prioritizing other enterprise applications for adoption over security tools.
Cybersecurity tools rank low in adoption among the various categories of applications whose costs are partly subsidized for SMBs in Singapore, said Andy Choi, deputy director of SME Go Digital at Infocomm Media Development Authority (IMDA). This despite 30% to 50% of SMBs that Choi had interacted with having experienced at least one ransomware attack. "I think many [SMBs] overestimate how safe they are," he said during a panel discussion organized by trade association SGTech.
Also: AI is changing cybersecurity and businesses must wake up to the threat
Launched in 2017, the SME Go Digital program aims to help these businesses adopt and use digital technologies, providing grants for a range of enterprise applications. The program encompasses digital solutions bundled in starter packs, offered by banks and telco partners, that span key categories such as accounting, HR, digital marketing, digital transactions, and cybersecurity. SMBs that sign up for 18-month contracts receive price waivers for any two solutions for at least six months.
HR, accounting, and e-commerce applications -- rather than cybersecurity -- have among the highest adoption rates among the SMBs, Choi told ZDNET during the event.
With smaller businesses a hot target of cybercriminals, it is a concern that security remains low in priority and an afterthought for these vulnerable organizations, according to the panelists.
SMBs need to comprehend the risks associated with their digital transformation efforts, said Kevin Reed, CISO for data security vendor Acronis. Cyber attackers today, he said, do not simply breach networks; they steal credentials and hijack data, so their victims can be exploited for ransom.
Reed added that while big ransom payments, such as the recent $22 million UnitedHealth reportedly paid to recover its data, often made the headlines, most ransom payouts are much smaller in numbers to better cater to SMBs.
Also: Regulations are still necessary to compel adoption of cybersecurity measures
Cybercriminals prefer to target these organizations since they often lack the resources to hire dedicated cybersecurity specialists and the skills to secure their assets, he said.
Furthermore, there is unlikely anyone to investigate or track down perpetrators in the event of a security incident, noted Aleks Farseev, SGTech exco member as well as co-founder and CEO of SoMin.ai.
Most SMBs usually end up paying the ransom and "trust" that the payment will lead to the recovery of their data, Farseev said.
In fact, ransomware attacks are the biggest threat to SMBs, according to the 2024 Sophos Threat Report, which defines SMBs as companies with no more than 500 employees.
"The value of data as currency has increased exponentially among cybercriminals, and this is particularly true for SMBs, which tend to use one service or software application, per function, for their entire operation," noted Christopher Budd, the security vendor's director of X-Ops research. Cyber attackers that succeed in stealing credentials, for instance, can get the password for the targeted company's accounting software. They then can access the company's financials and funnel funds into their own accounts, Budd said.
Also: How AI firewalls will secure your new business applications
He added that more than 90% of all cyberattacks reported to Sophos last year involved data or credential theft, through various attacks including ransomware, data extortion, unauthorized remote access, and simple data theft.
Specifically, LockBit is the ransomware group responsible for most SMB cases handled by Sophos' incident response team. Akira and BlackCat round out the top three groups behind ransomware attacks targeting SMBs.
In addition, almost half of malware detections were keyloggers, spyware, and infostealers, which attackers used to steal data and credentials. With the stolen data, cybercriminals can gain unauthorized remote access, roll out ransomware, or extort their victims, according to Sophos.
When they choose to pay the ransom, SMBs put themselves at risk of potentially violating local regulations, cautioned Choi. In Australia, for instance, organizations that make ransomware payments can be charged if they suspect or know that the funds may be used to fund terrorism.
Dennis Chung, Microsoft's Singapore CSO, recommended SMBs instead seek help from the authorities when they encounter a ransomware attack. The local police operates a counter-ransomware taskforce alongside other government agencies, including Ministry of Defence and Monetary Authority of Singapore, that offers help for companies that report such attacks including mitigation and recovery steps they can take.
Also: The best VPN services: Expert tested and reviewed
Tapping such community support also can provide useful background data and information sharing, such as decryption keys for attacks that may involve the same ransomware groups, Chung said.
Support and guidance specifically tailored for SMBs will better address the needs of these businesses, which often lack the budget or expertise to manage their cybersecurity needs, said Conrad Chan, product portfolio lead for Singapore telco M1.
Pointing to the curated list of subsidized digital solutions under IMDA's SME Go Digital scheme, he said such provisions -- as well as consultancy assistance under the program's CTO-as-a-service -- can ensure these companies, including micro SMBs, start thinking about security by design.
Echoing Choi's observation, Chan noted that security seldom is a priority or top concern for SMBs, most of which still believe they are unlikely to experience a breach.
Many also do not know where to start, even if they are want to beef up their security posture, and few have the skills or budget to do so, he added.
Chung also urged SMBs to stop regarding cybersecurity as an afterthought and start including the necessary security measures as part of their digital transformation journey.