If 2020 was the year of Covid chaos, 2021 was the year of cybercrime explosion. Of course, both of these roller-coaster years were much more complicated and neither can be summed up in one simple term like that. But it’s true that cyberattacks have risen dramatically this year, making even 2020 look tame in comparison. We’ve heard about major breaches in the news, but much of the alarming increase in cybercrime is against small and midsize businesses. In some industries, there were more than twice as many attacks this year as there were last year. With this many cyberattacks in 2021, there’s no reason to think they will slow down in 2022. So the smart defense is to become more aware and prepare yourself for what’s likely to happen sooner or later.
Around 43% of cyberattacks target small businesses, but only 14% of these businesses are actually prepared to defend themselves. Many have no dedicated IT staff, or if they do, they don’t have anyone specifically in charge of security. Because of staff and budget limitations, cybersecurity isn’t prioritized. Lack of awareness and overconfidence are another problem. According to a survey by CNBC and Momentive, 56% of small business owners said they were not concerned about being hacked and 59% said they were confident they could quickly resolve the issue if they were attacked. Yet when asked about a concrete plan, only 28% said they had one at all. Not having a plan should not make you confident about your ability to handle a breach!
Midsize businesses are similarly unprepared for the cyberattacks that threaten them. A recent study by Coro found that medium-sized businesses (those with between 1,000 and 2,000 employees) are nearly 500% more likely to become victims of a security breach now than they were in 2019. Compared with one year ago, attacks across industry verticals have doubled or come close to it. Hacks on the health and transportation industries have particularly skyrocketed. For example, see this comparison of cyberattacks in October 2020 and October 2021:
Coro attributes this rise in cybercrime to the massive increase in remote and hybrid work as a result of Covid-19. With endpoints all over the place and lots of work done over the cloud, hackers have more and easier targets if the organization doesn’t have strong security measures in place. It didn’t help that many enterprises had to quickly adjust to this new setting without the luxury of a preplanned timeline. This left plenty of them playing catch-up and adjusting to new routines, so that even months later they were unaware of important elements they had missed.
Big Areas of Vulnerability
One of the most common attack vectors for small and midsize businesses continues to be email. Both the volume and types of email attacks have increased 154% over the past year, but only an astonishingly small 1% of midsize businesses have email protection in place. Other tactics that have ballooned over the past year are wi-fi phishing and bot attacks. With wi-fi phishing, a malicious actor finds a way to set up a nearby router that looks like a company’s wi-fi. As soon as one employee connects to it, the company’s network and data are compromised. Botnets, groups of malware-infected bots that hackers use to launch attacks, are also on the rise.
IoT devices are an easy target as well. The sheer number of machines that comprise the Internet of Things creates additional opportunities for hackers, and their firmware leaves a lot of security holes. Supply chain attacks are also a major problem today, with an alarming 97% of firms already having been affected by one. And, as we’ve said before, ransomware doesn’t seem to be going away anytime soon. Global ransomware is predicted to keep rising, reaching a point where one such attack happens every two seconds.
Cyberattacks in 2021 Don’t Make for a Good Projection in 2022
With numbers of attacks rising so dramatically over 2021, it would be naive to hope this won’t continue into the new year. Hybrid work doesn’t look like it’s going away—many workers have realized they want to stay remote, and companies are finding ways to combine in-person and remote work. While this means flexibility and happier employees, it’s also a continuing cybersecurity concern. Another trend that is likely to continue is the growing number of targeted and customized attacks, as opposed to broad, naive ones. According to Coro, these targeted breaches went from 13% of all attacks in 2020 to 30% of them in 2021. Cyber criminals are gathering information about companies and launching specific attacks—something to keep in mind for 2022.
Don’t Be Taken by Surprise
Given the threat landscape today, it’s stunning how many small and midsize businesses are unprepared for an attack. Even the small percentage that does have security protections in place usually does not have them configured according to best practices. Could your organization be one of these that has let the threat of cyberattacks slip past its awareness? We get it—there are so many other responsibilities of running a business and keeping up in today’s challenging environment. If cybersecurity is a headache you’d rather not handle on your own, ask us about how we can help. We offer managed security services that are customized to your business and your goals. We’ll configure the best security solutions on the market and monitor your environment for you. Among other good things, let’s make 2022 the year that we stand up to cyber attackers.