Building a slide deck, pitch, or presentation? Here are the big takeaways:
- The average small business website is attacked 44 times per day. — SiteLock, 2018
- 46% of all WordPress sites infected with malware were up to date with the latest core updates. — SiteLock, 2018
As the cyberthreat landscape continues to expand and grow more sophisticated, small and medium-sized businesses (SMBs) are at an increased risk of falling victim to cyber attacks, often due to a lack of resources to combat threats. In Q4 2017, the average SMB website was attacked 44 times per day, according to a new report from security firm SiteLock.
SiteLock studied more than 6 million websites in Q4 2017 to identify trends and the evolving tactics used by cybercriminals.
Bots were a major security threat, the report found: The sites studied received an average of 152,041,201 bot visits per week. And while just 1% of sites sampled were infected with malware each week on average, this means that globally, as many as 18.5 million sites are infected with malicious content at any given moment, the report noted.
SEE: Intrusion detection policy (Tech Pro Research)
The average number of malicious files per infection increased 0.8%, from 284 to 309 files, the report found. And backdoor files made up 12.5% of all malware found in Q4 2017.
WordPress sites and plugins were also a common attack vector, the report found, as 29% of all websites are built in the CMS. WordPress sites with one to nine plugins were twice as likely to be infected with malware as a non-CMS website. And WordPress sites using 20 or more plugins were four times more likely to be infected, the report found.
Further, some 46% of WordPress sites infected with malicious content were running the latest core application updates—suggesting that updating the application without updating plugins and themes is not enough to keep your business safe from attackers.
"Leaving a single unpatched application, theme, or plugin could result in dozens of openings for attackers to exploit," the report said. "Without proper security in place, these vulnerabilities can be exploited, resulting in blacklisting and damaged website reputation."
Though 63% of SMBs reported increasing spending on security in the past year, less than half said they were confident that they can prevent data breaches and protect against threats, according to a recent report from Cyren and Osterman Research. IT managers said they were most concerned by threats of ransomware (62%), phishing (61%), and data breaches (54%).
"Small and medium-size business typically have fewer resources (e.g., money as well as knowledgeable people) to secure their IT infrastructure as well as maintain a good backup strategy," Engin Kirda, professor of computer science at Northeastern University, told TechRepublic. "Hence, whenever a ransomware attack happens, they often end up having to pay the ransom to rescue their data."
For SMB tips on how to prevent and mitigate attacks, click here.
- 10 ways to minimize fileless malware infections (free PDF) (TechRepublic)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
- Cheat sheet: How to become a cybersecurity pro (TechRepublic)
- It's not just Windows anymore: Samba has a major SMB bug (ZDNet)
- How to avoid ransomware attacks: 10 tips (TechRepublic)
Alison DeNisco Rayome has nothing to disclose. She does not hold investments in the technology companies she covers.
Alison DeNisco Rayome is a Staff Writer for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.