CS
Clay Stabert
SVP, US Cyber Product Manager
Article
It’s a common myth that cybercriminals target only large companies and organizations with deep pockets. While large enterprises can be high-value targets for cybercriminals, they are also more likely to have strong cybersecurity programs that can prevent attacks.
On the other hand, small and medium-sized businesses (SMBs) are often vulnerable to attacks due to gaps in their cybersecurity posture. SMBs often operate with limited resources and competing priorities. That combination creates opportunity for attackers. In fact, small businesses accounted for 43% of cyberattack targets in 2023, according to Accenture.
The first step to protecting SMBs from online criminals is understanding the cyber risks they face and preventive actions to lower those risks:
1. Phishing
Phishing remains the single most effective way for attackers to gain access to systems. It usually starts with an email that looks legitimate, maybe from a vendor, a payroll provider, or even your own leadership team. The message urges the recipient to click a link, download a file, or verify account credentials.
Preventive Actions
Implement a phishing awareness and simulation program. Combine that with strong email filtering, regular employee awareness training, and clear internal processes for verifying financial or data requests. The goal isn’t to eliminate every bad email, it’s to make sure employees know what to do when one lands in their inbox.
2. Credential Stuffing
This type of attack takes advantage of one simple human behavior: password reuse. Attackers use stolen credentials from one breach to attempt logins elsewhere, automating the process with bots until they find a match.
Preventive Actions
Establish multi factor authentication (MFA) across all systems, especially email, VPNs, and cloud platforms. MFA is one of the most effective ways to stop credential-based attacks. Also, implement a password management solution to help employees generate and store unique passwords.
3. Business Email Compromise (BEC)
BEC attacks are more targeted than phishing. They typically involve an attacker spoofing, or sometimes compromising, a company executive’s email account and sending urgent messages to finance or HR staff requesting payments or sensitive data. Emails are often convincing, personalized, and timed for maximum pressure.
Preventive Actions
In addition to the phishing defenses mentioned above, every business should have a multi-step verification process for payment or banking changes. Require employees to confirm requests verbally or through a separate communication channel.
4. Supply Chain Compromise
Attackers increasingly exploit third party providers, software vendors, cloud services, or IT support firms, to access client networks indirectly. These types of attacks can be difficult to detect until the damage is done.
Preventive Actions
Take an active role in managing vendor risk. Maintain an inventory of your key service providers and ask them for details about their cybersecurity practices, especially regarding data handling and incident response. To further strengthen cybersecurity when working with vendors, enforce multi-factor authentication (MFA) on all SaaS tools and remote access methods. Limit vendor access using least-privilege and need-to-know principles and segment your network to isolate their activity. These measures help reduce risk and protect sensitive systems from unauthorized access.
5. Ransomware
Attackers gain access, encrypt data, restrict authorized network access, and often exfiltrate sensitive files before demanding payment. Even when backups are not impacted by the ransomware event, the exfiltration of sensitive data makes recovery complex and costly.
Preventive Actions
The best ransomware defense is a layered approach that includes maintaining frequent, secure, offsite backups that are regularly tested for restoration. Deploy endpoint detection and response (EDR) tools for early threat identification. Ensure patching and vulnerability management are consistent across all systems.
Resource
At Sompo, we work closely with insureds to connect them with trusted cybersecurity vendors for training, monitoring, response planning, and recovery. These partnerships help businesses take practical, affordable steps toward cyber resilience, well before an incident occurs.