SMB Ransomware Update

We are starting to see data and studies from Q4 of 2023 related to the impact of ransomware on small and medium-sized businesses (SMBs). Reports show ransomware increased at the end of 2023, with November being the second-largest attack month of the year. Ransomware groups are becoming more aggressive and targeting new business divisions to increase success.

SMBs continue to be the focus of ransomware attacks because they lack the resources to adequately defend against evolving attack vectors. Data shows in Q4 of 2023, hackers added supply chain attacks to their list of attack vectors. Often, supply chain attacks were in small and medium-sized business sectors. Hackers could infiltrate a small business and then use email compromise or VPN access to attack multiple businesses that trust communication from the first company. Supply chain attacks can be substantial as criminals often steal business data or invoice trusted third-party companies for upfront cash.

Data shows ransomware groups are becoming more aggressive in their attack vectors in response to a growing trend of businesses refusing to pay ransoms. Phishing tactics are becoming more alarmist to frighten employees into clicking links or providing information. This issue is compounding because few attackers were caught and held accountable for attacks in Q4 of 2023.

Small business owners need to prioritize cybersecurity in 2024 because SMBs are the new target of ransomware attacks. Businesses should prioritize security patches and secure remote access points like VPNs. Third-party access should be reviewed and closed when employees or supply chain vendors change. Educate employees on current phishing tactics, including more aggressive scare tactics in emails to create urgency from end users. Lastly, business data should follow the principles of least privilege, so if an attacker gains access to a user’s credentials, they cannot access all business data or move throughout the network.