In the continuously evolving field of cybersecurity, the capacity to implement best practices, attract skilled talent, and invest in the appropriate tools and services increasingly determines organizational success. Organizations with limited resources often face the greatest challenges, struggling more than their better-equipped counterparts.

Previously, small businesses and solo entrepreneurs were less frequent targets for cybercriminals, who preferred larger entities with significant data and resources, where the chances of exploiting vulnerabilities through phishing were higher. Currently, 82% of small businesses in the US operate without employees, while those that do hire make up nearly half of the American workforce.

Latest cybersecurity reports from CrowdStrike, The Identity Theft Resource Center and World Economic Forum put on the spotlight major findings on the widening cyber threats and the profound impact on businesses.

CrowdStrike observed a 60% year-over-year increase in the number of interactive intrusion campaigns, with a 73% increase in the second half compared to 2022.

Interactive intrusions involve attackers actively engaging with a host to achieve their goals. Unlike malware attacks, which rely on deploying harmful tools and scripts, interactive intrusions make use of the creativity and problem-solving abilities of human attackers. These individuals can imitate regular user and admin activities, which makes it challenging for defenders to tell the difference between genuine user actions and a cyberattack.

Once attackers gain access to a network, they aim to “break out” and spread to other devices within the system. The “breakout time,” or how quickly they can do this, is critical since the first compromised machines are usually not the ones needed to reach their objectives. Attackers need to explore the network, set up ways to stay hidden, and find their targets. Responding quickly within this breakout time helps defenders minimize costs and other damage from the intrusion.

The Identity Theft Resource Center reported that 73% of US small businesses experienced data breaches and cyberattacks, highlighting the presence of malicious actors causing substantial harm.

In 2023, the main reasons for security breaches changed compared to the past years. Outside attackers, rogue employees, remote workers, and third-party vendors were the top culprits. Meanwhile, breaches caused by phishing and scams were more common, which is pretty much what’s been happening everywhere.

Employee and consumer data continue to be the most impacted categories of information impacted by a breach. This is because these types of data often include sensitive information that can be used for identity theft, financial fraud, and other cybercrimes.

The World Economic Forum highlighted that 54% of organizations have an insufficient understanding of cyber vulnerabilities in their supply chain.

In the 2023 Outlook report, security leaders showed greater concern about their organization’s vulnerabilities. At the same time, business executives became more aware of cyber risks and cybercrime, leading to increased worries about their company’s ability to handle cyber threats. This heightened concern likely stems from a better understanding of the potential impact a major cyberattack can have on their operations, business relationships, and reputation.

With more business owners taking action on cybersecurity matters, the financial impacts of cyber breaches continued to drop compared to previous years, with more SMBs reporting losses of <$250,000 and fewer reporting higher dollar-value events. The trend of decreasing financial losses from cyberattacks shows improved cybersecurity measures and awareness among businesses. However, while the financial impact of cyber breaches has decreased, the threat remains significant, and the impact on employee and consumer data is still substantial.

Looking forward to this era of where threats are becoming more sophisticated, we as service providers should help business owners make informed decisions to choose solutions that provide layered defenses, protect critical assets, and ensure operational resilience, giving their businesses a strategic edge against cyber threats.

Sources

CrowdStrike. (2023). 2024 Global Threat Report. Retrieved from https://www.crowdstrike.com/global-threat-report/

Identity Theft Resource Center. (2023). 2024 Business Impact Report. Retrieved from https://www.idtheftcenter.org/publication/itrc-2023-business-impact-report/

World Economic Forum. (2024). Global Cybersecurity Outlook 2024. Retrieved from https://www.weforum.org/publications/global-cybersecurity-outlook-2024/

US Chamber of Commerce. (2024). Small Business Data Center. Retrieved from https://www.uschamber.com/small-business/small-business-data-center/