Despite the perception they are too small to target, SMBs are increasingly vulnerable due to supply-chain attacks and greater use of automation by ransomware groups
Acronis, the global leader in cyber protection, today released the Acronis Cyberthreats Report Mid-year 2021 update, an in-depth review of the cyberthreat trends the company's experts are tracking. Released at this week's Black Hat 2021 event, where Acronis is a Diamond sponsor, the report warns that small and medium-sized businesses (SMBs) are at particular risk based on the attack trends seen during the first six months of the year.
The report revealed that during the first half of 2021, 4 out of 5 organizations experienced a cybersecurity breach originating from a vulnerability in their third-party vendor ecosystem. That's at a time when the average cost of a data breach rose to around $3.56 million, with the average ransomware payment jumping 33% to more than $100,000.
While that represents a major financial hit to any organization, those amounts would sound the death-knell for most SMBs, which Acronis believes is a major concern for the second half of 2021.
"While the increase in attacks affects organizations of all sizes, something that's under-reported in the coverage of current cyberthreat trends is the impact on the small business community," explained Candid Wüest, Acronis VP of Cyber Protection Research. "Unlike larger corporations, small and medium-sized companies don't have the money, resources, or staffing expertise needed to counter today's threats. That's why they turn to IT service providers - but if those service providers are compromised, those SMBs are at the mercy of the attackers."
By utilizing supply-chain attacks against managed service providers (MSPs), attackers gain access to both the MSP business and all of its clients. As seen in the SolarWinds breach last year and the Kaseya VSA attack earlier in 2021, one successful attack means they can breach hundreds or thousands of SMBs downstream.
At Black Hat 2021, Wüest will provide an in-depth look at how supply-chain attacks against IT service providers pose a particular threat to SMBs in a session titled Ransomware Attacks Against MSPs - A Nightmare for SMBs.
Additional takeaways at the mid-year mark
Beyond the high-profile attacks that have dominated the headlines during the past six months and the concerns Acronis is raising about the impact on MSPs and small businesses, the Acronis Cyberthreats Report Mid-year 2021 also noted:
· Phishing attacks are rampant. Using social engineering techniques to trick unwary users into clicking malicious attachments or links, phishing emails rose 62% from Q1 to Q2. That spike is of particular concern since 94% of malware is delivered by email. During the same period, Acronis blocked more than 393,000 phishing and malicious URLs for clients, preventing attackers from accessing valuable data and injecting malware into the client's system.
· Data exfiltration continues to increase. In 2020, more than 1,300 victims of ransomwarehad their data publicly leaked following an attack, as cybercriminals look to maximize the financial gain from successful incidents. During the first half of 2021, more than 1,100 data leaks have already been published - which projects a 70% increase for the year.
· Remote workers continue to be a prime target. The reliance on remote workers continues in the wake of the COVID-19 pandemic. Two-thirds of remote workers now use work devices for personal tasks and use personal home devices for business activities. As a result, attackers have been actively probing remote workers. Acronis observed more than twice the number of global cyberattacks, with a 300% increase in brute-force attacks against remote machines via RDP.
Creating the Acronis Cyberthreats Report Mid-year 2021
The full report provides in-depth insights into the top security/threat trends the CPOCs observed during the first half of 2021, a review of malware families and related statistics, a deep dive into ransomware's most dangerous groups, the vulnerabilities that contribute to successful attacks, and Acronis' security recommendations for the remainder of 2021 and beyond.
You can download a copy of the full Acronis Cyberthreats Report Mid-year 2021 here.
아크로니스는 현대 디지털 환경의 SAPAS(안전, 접근성, 개인 정보 보호, 인증 및 보안) 과제를 해결할 수 있는 자동화된 통합 사이버 보호를 제공하기 위한 일환으로 데이터 보호와사이버 보안 을 통합했습니다. 아크로니스는 서비스 제공업체와 IT 전문가의 요구에 맞는 유연한 배포 모델을 통해 혁신적인 AI 기반의 차세대 안티바이러스 백업, 재해 복구, 엔드포인트 보호 관리 솔루션으로 데이터, 애플리케이션 및 시스템에 탁월한 사이버 보호를 제공합니다. 최첨단 인공 지능과 블록체인 기반 데이터 인증을 응용한 탁월한 안티맬웨어 기술을 통해 아크로니스는 저렴하고 예상 가능한 비용으로 클라우드부터 하이브리드, 온프레미스에 이르기까지 모든 환경을 보호합니다.
아크로니스는 싱가포르에서 설립된 스위스 기업입니다. 20년간의 혁신을 기념하는 아크로니스는 45개 지부에서 1,800+명이 넘는 직원이 근무하고 있습니다. Acronis Cyber Protect 솔루션은 150개 이상의 국가에서 26개 언어로 제공되며 20,000+개의 서비스 제공업체(SP)에서 750,000개 이상의 비즈니스를 보호하는 데 사용됩니다.