When it comes to cyberattacks as a whole, hackers don’t really differentiate between small and medium-sized businesses (SMBs) and enterprises (organizations with 1,000+ employees). However, when it comes to deploying ransomware specifically, they’re more attracted to enterprises, new research has claimed.
The latest 2023 Hybrid Security Trends Report from Netwrix says among organizations of all sizes, 68% suffered a cyberattack in the last 12 months.
For ransomware, the stats are somewhat different – 48% of enterprises experienced this form of attack in the last year, compared to 37% of organizations of all sizes. Malware attacks seem to be less common in the cloud, as just a fifth (21%) of enterprise respondents said they suffered one of these.
Big operations = big expenses
For Dmitry Sotnikov, VP of product marketing at Netwrix, targeting enterprises makes sense, as these organizations are capable of making big payouts, and for ransomware operators it’s all about profits.
“Ransomware operators want to maximize their profits, so they consider which organizations are most able to pay a ransom to reduce business downtime — and the larger an organization is, the costlier an operational disruption will be,” he said.
“On the other hand, larger organizations have more tools to spot the attack that might stay unnoticed for SMBs. In addition, enterprises have bigger infrastructure with more endpoints that statistically increases the chance of the security incident.”
The next part of the report lines up with this: the enterprise sector experienced larger expenses due to cyberattacks than SMBs did. For a quarter (28%) of enterprises, the financial damage was north of $50,000. Among companies of all sizes, that share is 16%.
“Smaller companies often underestimate their risk of attack, reasoning that cybercriminals tend to target enterprises because they store more intellectual property (IP) and other sensitive data. But our survey shows that organizations suffer cyberattacks with a similar frequency regardless of their size,” says Dirk Schrader, VP of security research at Netwrix.
“Every organization has valuable data, such as customer and employee information, and is, therefore, a target for attackers. What’s more, SMBs are not only a target on their own but as a way into the larger enterprises that consume their services.”
Next to business email compromise (BEC), ransomware is the most popular form of cyberattack out there, and in recent years it has developed into an entire industry. Some threat actors work as service providers, offering to encrypt networks that have been previously compromised by other groups. There are also groups that act as negotiators, trying to get the best value for the data stolen in the attack, as well as for the decryptor.
Law enforcement agencies advise against paying the ransom demand, as there’s no guarantee the hackers will provide the decryptor, or that the program will work as intended. There’s also no guarantee the stolen data won’t make it to the dark web anyway, nor is there a guarantee the company won’t suffer another attack.
Instead, firms are advised to tighten up on cybersecurity, set up robust backups, and educate their employees on the dangers of phishing and social engineering attacks.