Aug 06 2025

SMBs Are in Nation-State Hackers’ Crosshairs: Here’s What to Know

Small and medium-sized businesses must secure themselves against threats from China, Iran and North Korea.

If you ever thought your business is too small to be of interest to a foreign adversary, think again.

“Never assume that you’re not of interest to state-sponsored actors, because you may well be,” says Dick O’Brien, principal intelligence analyst at Symantec.

In recent years, attacks against small and medium-sized businesses in general have increased. One in three SMBs were hit with ransomware in 2024, according to Microsoft. But not all hackers are after a quick payday. As many as half of them may be nation-state actors with long-term goals, and they’re using SMBs as a springboard to achieve them.

“It can be either for the intellectual property you have yourself, or it could be the people who are your customers,” O’Brien says. “Or you could just simply be a stepping stone on the way into another organization.”


Motives for Nation-State Attacks Against SMBs

In total, nearly half of all threats Symantec encounters are believed to originate from nation-state actors. Geopolitical rivals tend to have specific motives when launching cyberattacks against SMBs, according to O’Brien, and China is the most prolific actor.

“They’re several orders of magnitude larger than any other nation-state in terms of number of attacks,” he says. “And one of the reasons for this is we think that there’s a huge component of economic espionage in their operations.”

For SMBs, this could mean threats to intellectual property or any data that may provide deeper insight into the logistics sector. They may also target contractors. In other cases, they’re primarily interested in an SMB’s target customer.

Iran takes a similar approach in its attacks.

“For example, they hijacked an organization’s web server to create a watering hole because they thought that people in organizations they were interested in targeting would visit that website,” O’Brien explains. “The hackers could then compromise them with malware if they visited the website.”

50%: The percentage of cyberattacks that originate from state-sponsored actors (Source: Symantec)

In another situation, O’Brien said, Iranian hackers were interested in who a business’s customers were and were looking for personal data relating to those customers. Another case involved stealing digital certificates to sign malware, because signed malware is less likely to raise suspicions and more likely to pass security scanning.

Other nation-state actors, such as North Korea, are more directly financially motivated.

“One of North Korea’s elite outfits, called Stonefly, was carrying out ransomware attacks against very ordinary, mom-and-pop operations in the U.S.,” O’Brien says. “They were using that to fund their main mission, which is carrying out attacks on military installations linked to NATO.”

How SMBs Can Improve Security Against Nation-State Attackers

The risks to SMBs in these types of attacks are fairly obvious. They face potential reputational damage, especially if they’re a vendor for a larger enterprise. No one wants to look like the weak link in a bigger supply chain.

In other cases, such as the North Korean ransomware attacks against small businesses, the risks are more directly financial in the form of payouts or business disruptions.

One of the most immediate ways to defend against threats is through proper patch management.

“It’s gotten to the point where a vulnerability will be patched and word will get around about it, and within hours hackers launch scanning campaigns for unpatched systems,” O’Brien says. “That is how a lot of attackers — both nation-state and cybercrime — are getting onto networks.”


Defense in depth is also important. This entails deploying firewalls, network security and endpoint detection and response. Integrated artificial intelligence can also play a role. Symantec, for instance, leverages adaptive security to proactively flag and block network anomalies. It also leverages incident intelligence to forecast the trajectory of a breach.

“About 80% of the time it’s able to predict the next five steps, and the end user can go in and toggle off or block off all of those avenues for the attacker,” O’Brien says. “Somebody can do that and respond to a breach in 30 seconds as opposed to several hours.”

He also recommends that SMBs formally document any and all security controls, which can be especially helpful in B2B markets when attempting to reassure larger enterprises.

Lastly, O’Brien urges SMBs to make cybersecurity a business priority, and adds that information security is central to the financial health of an organization.

“If you’re breached, your company is at risk reputationally and financially, especially if it gets out that sensitive information was stolen about your customers or your suppliers,” he says. “There’s a very real financial risk there.”
