How midsize companies are vulnerable to data breaches and other cyberattacks

Midsize companies often lack the staff, expertise and expensive tools needed to defend themselves against attack, says security provider Coro.

small-medium-business.jpg

Image: Aurielaki/Getty/istock Images

Cybercriminals will attack any type of organization large or small if they think they can profit from it and get away with the crime. But while large enterprises usually have the budgets, people and resources to protect themselves from a cyberattack, the same isn't necessarily true for smaller businesses. A report released Thursday by security provider Coro reveals a lack of preparedness on the part of mid-market companies.

To generate its new report, named "The Great Cyber Security Market Failure and the Tragic Implications for Mid-Sized Companies," Coro analyzed information on more than 4,000 midsize companies (defined as those with between 100 and 1,500 employees) across six industries: retail, manufacturing, professional services, healthcare, transportation and education.

Throughout 2020 and 2021, the number of cyberattacks against midsize businesses in every industry examined jumped by at least 50%. Attacks against companies in the healthcare and transportation sectors were the highest, rising by more than 125% between October 2020 and October 2021. Incidents leveled against retail, manufacturing and professional services companies increased between 86% and 90%.

SEE: Security incident response policy (TechRepublic Premium)

Midsize companies are significantly more likely to be hit by a data breach or other incident now than in 2019. One key reason for this shift is the pandemic. Since almost the start of 2020, businesses have increasingly turned to remote work, grown the number of devices connecting to their networks, and expanded their use of the cloud. In reaction, more cybercriminals have stretched their repertoire to include ransomware attacks via the cloud and email, endpoint malware, Wi-Fi phishing and insider threats.

SEE: How to manage passwords: Best practices and security tips (free PDF) (TechRepublic)

The security industry also has a tendency to focus on the enterprise market with expensive and expansive products, thus sometimes neglecting mid-market companies. Plus, the security products used by smaller businesses are often misconfigured.

Email malware attacks surged by 154% between 2020 and 2021. But only 1% of midsize organizations have email malware protection in place, while 88% of them misconfigured the settings. Wi-Fi phishing attacks, in which hackers create a phony and malicious Wi-Fi network, jumped by 203% over the same time. But less than 1% of midsize companies have Wi-Fi phishing protection in place, while 90% of the ones that do have misconfigured them.

In this type of environment, midsize companies are vulnerable because many lack the required security teams, the in-house expertise or the advanced and expensive security tools needed to defend themselves. As a result, many such businesses are unable to properly safeguard the company.

To help midsize businesses better protect themselves from data breaches and cyberattcks, Coro CEO Guy Moskowitz provides the following advice:

  1. Make sure you secure your email and cloud applications against malware, ransomware and account takeover. Such protection is not typically covered by email or cloud service providers.
  2. Antivirus products offer only a small chunk of the protection you need. Look beyond standard antivirus solutions toward full-fledged ransomware protection and device security tools.
  3. Install phishing prevention and protection for your email, Wi-Fi connectivity, and cloud applications.
  4. If you store private information for customers or employees, be sure to set up insider threat detection and data loss prevention across your endpoints, cloud applications, cloud storage and email.

Also see

By Lance Whitney

Lance Whitney is a freelance technology writer and trainer and a former IT professional. He's written for Time, CNET, PCMag, and several other publications. He's the author of two tech books--one on Windows and another on LinkedIn.