7 Cybersecurity Statistics Every SME Should Know in 2023

by | Jan 30, 2024 | 0 comments

Cybersecurity no longer takes a backseat in IT channel discussions; it has garnered global attention from both companies and governments due to the escalating cyber threats.

The harsh reality has taught us that small businesses frequently fall victim to cyberattacks. The very concept of “targeting” has come into question, with a growing recognition that widespread, indiscriminate attacks have become the norm. Consequently, SMEs find themselves more susceptible to these tactics, often lacking the awareness, in-house IT expertise, and cybersecurity defenses to thwart such assaults.

This represents just one of the key insights that have surfaced in the cybersecurity landscape over the past year. Numerous emerging trends and threats demand attention, putting Managed Service Providers (MSPs) in a position where they must adapt or risk severe harm to their operations. In the following article, we’ve compiled other noteworthy cybersecurity trends for 2023.
This article is going to focus on the following:

  • Assessing the extent of companies’ vulnerability to cyberattacks.
  • Identifying the primary cyber threats prevalent in 2023.
  • Analysing the shift in priority from antivirus software to terminal protection.
  • Exploring the current landscape of ransomware in 2032.
  • Delving into the role of Managed Service Providers (MSPs) in enhancing cybersecurity for small and medium-sized enterprises (SMEs).

The majority of businesses remain vulnerable to cyberattacks

Hackers can penetrate at least 93% of company networks

Based on recent research reported by Betanews, it has been found that cybercriminals can reliably infiltrate the networks of 93% of organisations.

Positive Technologies conducted a series of penetration tests across various key sectors, including finance, energy, government agencies, industrial firms, and IT companies. The results indicated that in 93% of these test scenarios, attackers successfully breached an organisation’s network defenses, gaining access to their local networks.

Furthermore, a study conducted by Cisco reveals that 40% of small and medium-sized enterprises (SMEs) that fell victim to a cyberattack endured a minimum of eight hours of downtime. It’s worth noting that downtime constitutes a significant portion of the overall financial losses resulting from a security breach.

The rise in attacks targeting small and medium-sized enterprises (SMEs) is a growing concern. While a striking 43% of cyberattacks are directed at small businesses, a mere 14% of them feel adequately prepared, informed, and capable of safeguarding their networks and data, as indicated by an Accenture study on the cost of cybercrime.

Cybersecurity Magazine highlighted the following:

  • A significant 30% of small businesses identify phishing as their most prominent cyber threat.
  • A staggering 83% of small and medium-sized businesses lack readiness to recover from the financial repercussions of a cyberattack.
  • Surprisingly, 91% of small businesses, despite acknowledging the risks and potential irrecoverable losses, have not opted for cyber liability insurance.
  • Only a mere 14% of small businesses view their cybersecurity measures as highly effective.

The question arises: Why do companies remain hesitant to embrace a more robust security approach? While cybersecurity statistics provide insights into the threat landscape, they often fall short in driving perceptual shifts. Consequently, numerous members of the cybersecurity community and industry channel advocate for a shift in attitude towards the adoption of cybersecurity practices.

The Main Cyber Threats in 2023

Human error continues to be the main threat to cybersecurity

Email phishing, spear-phishing, and social engineering persist as the most prevalent and dependable methods for illicitly breaching network security. In 2021 alone, over 12 million phishing and social engineering emails infiltrated the inboxes of more than 17,000 organisations across the United States. Furthermore, an alarming 85% of security breaches implicated insiders, with 61% of these breaches exploiting weak passwords or compromised credentials.

Social engineering and phishing techniques stand as the foremost choices for cyberattacks. Even when organisations implement robust software, hardware, and security patches, the human factor remains a vulnerable entry point. The pandemic exacerbated this threat vector, as companies hastily embraced remote work setups during their digital transformation efforts for survival. Multiple studies indicate a direct correlation between the surge in remote work and the heightened cyber risk.

Furthermore, these reports have unveiled:

  • A staggering 70% of office workers utilise work devices for personal tasks.
  • Approximately 37% of office workers access work applications through their personal computers.
  • Shockingly, 57% of data breaches could have been averted by promptly installing readily available security patches.

Ransomware is still a threat

Its effectiveness and simplicity make it a preferred choice for cybercriminals

  • 37% of companies were affected by ransomware in 2021, a figure which is expected to increase year after year.
  • Large organisations who were subjected to ransomware in 2021 lost on average £1.52 million.
  • Only 57% of ransomware attacks have been successfully mitigated by restoring back ups.
  • Research shows that although 32% of victims pay the ransom, only 65% of their data is recovered (on average).
  • Global ransomware damages and ransom payments totalled £16.4 billion in 2021, a figure that is expected to rise to £217 billion by 2031.

Poor access control is a contributing factor

There is an increase in attacks relating to poor permissions controll and account compromise.

A prevailing theme in contemporary cybersecurity discussions revolves around the diminishing significance of antivirus and firewalls, with a growing emphasis on endpoint security. Nevertheless, a concerning statistic emerges: one out of every five small businesses remains devoid of any form of endpoint protection. This situation can be attributed, in part, to the fact that over half of small businesses in the United Kingdom lack internal IT support, let alone cybersecurity expertise.

Consequently, the responsibility of safeguarding these small and medium-sized business (SMB) endpoints predominantly falls upon Managed Service Providers (MSPs). MSPs should actively educate SMBs about the importance of practices like password hygiene, precise permissions management, and implementing critical endpoint security measures like data encryption. At the very least, MSPs should ardently endorse the principle of least privilege when overseeing administrative accounts within their clients’ networks.

Cloud attacks are increasing

Businesses of all shapes and sizes could have their cloud data compromised

The shift towards cloud technology has, unsurprisingly, given rise to a surge in cyberattacks targeting cloud-based systems. Since 2020, a striking 79% of companies storing data in the cloud have encountered at least one security breach. This statistic carries significant weight, considering that a substantial 92% of organisations currently utilise the cloud for some portion of their data or computing infrastructure.

Once again, the roots of this issue can be traced back to the COVID-19 pandemic. The rapid adoption of cloud technology by organizations created a host of unique vulnerabilities.

Multiple studies exploring this escalating threat landscape have revealed:

  • Approximately 46% of organisations employ cloud-native applications, purpose-built for the cloud, while the remaining 54% have migrated applications from on-premises environments.
  • A notable 47% of surveyed companies discovered instances of users possessing unnecessary privileged access, with an additional 25% encountering problems related to unauthorized users.
  • The primary cloud security concerns encompass data loss and leakage (69%), data privacy issues (66%), and accidental exposure of credentials (44%).
  • The most prominent cloud threats include misconfigurations resulting from human error, unauthorised access, insecure interfaces, and account hijacking.
  • End-user expenditures on public cloud services are projected to reach a staggering $362.3 billion globally by 2023

Common Vulnerabilities and Exposures (CVEs)

Last year alone, over 50 CVEs were reported daily

As technology adoption continues to surge in pace and scale, vulnerabilities are poised to multiply. Cyberattacks are now an accepted inherent risk in today’s landscape. This prevailing trend has led to the accumulation of a mounting security debt, presenting a formidable challenge for Managed Service Providers (MSPs) and cybersecurity professionals. The unresolved vulnerabilities from the previous year accumulate, compounding the complexity of addressing the new batch.

Furthermore, a report by Redscan Labs provides additional concerning insights:

  • A significant 90% of all CVEs discovered in 2021 were exploitable by attackers with minimal technical expertise.
  • More alarmingly, 55% of the CVEs reported in 2021 could be exploited without requiring any special privileges.
  • An overwhelming 61% of the total CVEs identified in 2021 did not necessitate any user interaction, such as compromised links, downloads, installations, or credentials.
  • Notably, 54% of the vulnerabilities observed in 2021 were classified as “high” availability, meaning they were readily accessible and easily exploitable by malicious actors.

Digital Supply Chain Attacks

They are considered a major risk as vulnerabilities such as Log4j proliferate through the supply chain

While the attack surface of organisations continues to expand, the significance of third-party risks is magnified. According to Gartner’s projections, by 2025, approximately 45% of global organizations will have experienced cyberattacks on their software supply chains. This alarming forecast represents a staggering 300% increase compared to the numbers observed in 2021.

In light of recent high-profile threats, Managed Service Providers (MSPs) are intimately acquainted with the challenges posed by supply chain attacks. The intensifying pressure on digital supply chains underscores the imperative for enhanced segregation between suppliers and partners based on risk assessment, the implementation of rigorous security controls and best practices, and a notable shift toward security-focused development and distribution processes.

However, navigating the evolving landscape of increased risks may prove challenging for IT providers and their vendors, as they grapple with the forthcoming regulatory changes necessitated by this heightened level of risk exposure.

Don’t skimp on risk management

These statistics might appear disheartening, leaving many small businesses feeling powerless in the face of such daunting figures. The truth is, robust cybersecurity tools and highly skilled experts often come with a hefty price tag, making it challenging to justify the investment, even when an SME understands that a cyberattack could spell disaster for their business. So, what explains the disconnect between MSPs, the looming danger, and the costs associated with risk mitigation?

Thankfully, this situation positions Managed Security Service Providers (MSSPs) and Managed Service Providers (MSPs), such as Sand Communications favorably with companies that recognise the need for security solutions but struggle to afford in-house security professionals. In such cases, it falls upon IT providers to effectively convey to their clients the critical importance of establishing a robust security posture.

How can Sand Communications help?

We have the technology and resources to improve your cybersecurity posture

At Sand Communications we take cybersecurity very seriously. Our team work with you to improve your cybersecurity posture, this begins with a free of charge Cyber Resiliency Assessment. Other steps we take:

  • Device encryption and management
  • Data Loss Prevention
  • Disaster Recovery Planning
  • Regulatory compliance management and review
  • Protecting data at its source
  • Employee training and education
  • Cyber Essentials and Cyber Essentials plus certifications
  • Email Protection
  • Access Control audits and improvements
  • Antivirus management
  • Password Management and much much more.

We proactively monitor, maintain and improve your security posture. To book in a free consultation, click here.