Hackers Use New Tactics to Steal SMB Credentials
Cybercriminals evolved old tactics and employed new ones last year, with a quarter of initial business compromises stemming from network edge devices: firewalls, virtual private networks and access devices.
Software as a Service platforms continue to be exploited in new ways for social engineering, initial compromise and malware deployment purposes.
“A concentration of companies are using SaaS platforms now, especially SMBs, who are relying less on on-premises infrastructure,” Shier says. “There's a lot of great cloud and SaaS applications and services that they can leverage to accelerate their business, so that's where they are.”
A major goal of cybercriminals is compromising credentials, and newer methods such as email bombing and QR code and voice phishing are gaining steam — particularly against SaaS platforms that aren’t enforcing multifactor authentication by default. For instance, Atlassian had a few of its SaaS platforms breached because employees were reusing compromised passwords.
Why SMBs Make Good Targets, and How MDR Services Can Help
SMBs simply can’t afford the 24/7 security operations centers available to enterprise organizations, staffed with threat hunters and analysts who can track down every suspicious signal. Small businesses often have IT personnel wearing multiple hats, leaving them unable to quickly patch edge devices or respond to attacks or breaches.
“A lot of SMBs are missing key functions outside of belt and braces,” Shier says. “They've got people who can make sure that the computers are all running, but beyond that, it's kind of like, ‘We'll deal with it when we get to it.’”
SMBs may not even have an incident response plan or comprehensive backup in place, whereas large companies have in-depth defenses to withstand a certain level of attack and be more resilient when a response is required.
This does not mean SMBs are without recourse; they simply need to be willing to admit when they require the assistance of a managed service provider or MDR service, such as the one Sophos provides. Sophos MDR encounters hundreds or thousands of instances of the same threats daily, meaning it knows exactly what’s happening and can quickly move to preserve SMB operations.
In this way, an MDR service offers an extra layer of security for SMBs. Sophos also releases reports so security leaders can understand where their companies are deficient and establish an organizational strategy.
“You’re an expert in your business as an SMB; we're an expert in the threat,” Shier says. “Combining those just leads to better outcomes.”