In cyberattacks, SMBs face an existential threat

Cyberthreats, and ransomware in particular, have generated considerable news coverage this year. The attack on the Colonial Pipeline resulted in widespread gasoline shortages and mass transit disruptions, while a strike against JBS disrupted supply chains worldwide.

Now, with the Acronis Cyberthreats Report Mid-year 2021, we not only see troubling new developments in the threat landscape from the first half of the year: It’s also clear that SMBs are now at significant risk — and service providers must react.

SMBs may feel safe in the supposition that they’re “too small to target.” In reality, they’re increasingly vulnerable due to increases in attack automation and supply-chain attacks against their IT service providers. Cybercriminals are eagerly targeting managed service providers (MSPs) in a bid to compromise scores of their clients at once. For most SMBs, just one such incident could sound their death knell.

During the first half of 2021, four out of five organizations experienced a cybersecurity breach that originated from a vulnerability in their third-party vendor ecosystem. During that same period, the average cost of a data breach rose to around $3.56 million, and the average ransomware payment topped $100,000 — a 33% jump. While these figures would be a significant financial hit for any company, they’re simply fatal for the average small or medium business.

Here are a few more of our key findings from the Acronis Cyberthreats Report Mid-year 2021:

• Phishing attacks are rampant. The use of social engineering techniques to trick unwary users into clicking malicious email attachments or links rose 62% from Q1 to Q2. That spike is of particular concern since 94% of malware is delivered by email. During the same period, Acronis blocked more than 393,000 phishing and malicious URLs per month, preventing attackers from accessing business-critical data and injecting malware into clients’ systems (or your own).
• Data exfiltration continues to increase. Last year, more than 1,300 ransomware victims had their data publicly leaked after an attack. Cybercriminals are looking to maximize their financial gain, and these tactics increase the pressure on victims to pay up. During the first half of 2021, more than 1,100 data leaks have already been published — at this rate, we’ll be looking at a year-end increase of 70% over 2020.
• Remote workers continue to be a prime target. The COVID-19 pandemic drove a major shift to remote-first work that continues today. Two-thirds of remote workers now use work devices for personal tasks and use personal home devices for business activities — and attackers have taken note. Acronis observed the number of global cyberattacks to more than double, with a 300% increase in brute-force attacks against remote machines via RDP.

SMBs turn to IT service providers because they lack the resources or technical expertise needed to counter today’s rapidly evolving cyberthreats. As an MSP, your clients depend on you not only to turn to solutions that effectively defend against cutting-edge attacks, but also to stay abreast of the latest developments in the cyberthreat landscape and react accordingly.

I’ll be detailing some of the findings in this report during my presentation at Black Hat 2021 later today, titled Ransomware Attacks Against MSPs — a Nightmare for SMBs. We’ll explore incidents in which common tools and systems have been exploited by cybercriminals, including diving into some technical details. If you’re attending Black Hat this year, I hope you’ll join me.

The Acronis Cyberthreats Report Mid-year 2021 is based on examining attack and threat data collected by the company’s global network of Acronis Cyber Protection Operations Centers (CPOCs), which monitor and research cyberthreats 24/7. Malware data was collected by more than 250,000 unique endpoints around the world running Acronis Cyber Protect (either as a client of an MSP using Acronis Cyber Protect Cloud or a business running Acronis Cyber Protect 15). The mid-year update covers attacks targeting endpoints detected between January and June 2021.

You can download a copy of the full Acronis Cyberthreats Report Mid-year 2021 here.