Top 3 Most Common Cybersecurity Breaches Impacting SMBs


The most common cybersecurity breaches impacting small- and medium-sized businesses may seem fairly simple to avoid, but they’re costing people and companies billions of dollars.

Learn more about each of these types of breaches and what you can do to protect yourself and your company.

1. Ransomware

Businesses will soon want to make plans to thwart the forecasted surge in cyber extortion.

“The risk of cyber extortion and data breaches will increase in frequency,” according to the 2018 Study On Global Megatrends In Cybersecurity. “CISOs will be faced with a greater risk of cyber extortion, such as ransomware, according to 67 percent of respondents.”

The report notes that, as of publication, 19 percent of respondents rate cyber extortion as very frequent.

Within three years, 42 percent of respondents expect that it will be very frequent.

Ransomware is malicious software (aka malware) that encrypts your data and holds it until you pay a ransom. Attackers may even threaten to publish the data unless they receive money.

SMBs are a target for ransomware because attackers assume they don’t have an incident response plan or protected data backups.

Businesses can protect themselves from ransomware attacks by:

  • Training employees on security awareness.
  • Keeping employees’ operating systems current.
  • Installing antivirus software.
  • Planning for cybersecurity breaches.
  • Having secure data backups.


2. Credential Theft

The market for stolen identities is expected to grow beyond $18 billion by 2024, according to research from Global Market Insights.

Hackers steal these identities through credential theft, and then sell them on the dark web.

Credentials are anything used to verify a person’s identity, such as a username, email, or password.

When the credentials match, an adversary gains the ability to access a system or network.

Often, credentials are stolen through phishing attacks—when people are convinced to give up their personal information by opening links or attachments infected with malware.

As with ransomware, we suggest practicing good security awareness to combat credential theft.

We also suggest creating and storing strong passwords with a password manager, as well as using multifactor authentication.


3. Business Email Compromise

A closely related cybersecurity breach is business email compromise—aka BEC or wire transfer fraud.

BEC usually happens when an email “from the CEO” arrives in your inbox.

The sender, masked as a CEO, urges the receiver to transfer a large amount of money to an account.

The receiver, convinced this is a legitimate request, may very well carry out the transaction.

Of course, the email and the CEO are a ruse, but the account and the money are real, resulting in bankrupted individuals and businesses.

In fact, from 2013 to 2018, this scheme cost victims more than $12.5 billion.  

The Department of Justice suggests the following protections:

  • All requests for payment should be verified first.
  • Email-only communications should be regarded as suspicious, meaning you should be able to call someone to verify the request.
  • Establish code phrases for phone conversations.


Whether it’s ransomware, credential theft, or a business email compromise, these are some of the biggest cybersecurity threats today.

How prepared is your organization for a cybersecurity incident? With just 5 questions, we can help provide you with direction. Take this quiz today.
