As a cyber security organization, we spend a ton of time analyzing where the bad guys will hit next. Occasionally, we find trends that can steer us in a certain direction. For the most part, the bad guys seem to just follow the money - but, not always.
For the purpose of this blog, let's define a small and medium business as a company with an employee count of less than 250. Cybercriminals are more frequently targeting smaller businesses because of the lack of security resources they can afford. Did you know that on average, 1/5 of your IT budget should go to IT security? What does that translate to in your business? This can become out of balance as overall IT budgets are carved up.
Although they are mostly money driven, we are also finding cybercriminals target small critical businesses that have a huge effect on supply chain. Instead of a large "elephant" payout from a large business, they are finding great success in attacking multiple small businesses.
We are also seeing a major shift into attacks on non-profit and charity organizations. These industries are a hotbed for credit card information. Again, lack of budget can negatively effect the security of a non-profit as well.
So, what SMB industries are getting hit the hardest? The below study from the Crowdstrike website done in December of 2022 can shed some light on where the attackers are spending most of their time.
Source:
https://www.crowdstrike.com/blog/small-business-cyberattack-analysis-most-targeted-smb-sectors/