According to a report from security provider SiteLock, released Wednesday, 99% of hacked websites are nonprofits, blogs, and small business, proving that big business websites aren’t the only ones being targeted. The pace of the attacks was strong–websites are attacked 22 times per day, or more than 8,000 times per year, on average, the report noted.

While the most high profile attacks tend to center around big businesses, IBM’s executive security advisor Etay Maor has also posited that cybercrime is not at all confined to large enterprises. In fact, medium and small businesses tend to even be hacked more often as a proxy for preparing for bigger attacks, Maor added.

SEE: Information security policy template (Tech Pro Research)

Cybersecurity expert and IP Architects president, John Pironti, said that small businesses are targeted because they often lack proper security. Small and medium-sized companies typically can’t afford the same level of security big enterprises can, which makes attacking small businesses much easier and appealing, Pironti said.

“The truth is, there’s no such thing as ‘too small to hack,'” a SiteLock infographic stated.

The Sitelock data showed that social media presence is a huge factor in cyberattacks, with websites that link to Twitter, Instagram, or Facebook increasing their threat vector by 1.5 times compared to an average website. “What makes websites more or less risky is the popularity of site, how complex the site is, and which components they are using on the site,” SiteLock president Neill Feather told TechRepublic.

The same sentiment accompanies popular website builders: “[If] you become more visible, you are more vulnerable to attack,” Feather said. SiteLock’s data showed that websites powered by Joomla, for example, are 3.5 times more likely to be hacked than an average website. In order to stay protected, content management systems (CMS) must be regularly updated and used in conjunction with additional tools like firewalls, Feather said.

With data taken from October 2016 and March 2017, SiteLock emphasized just how much cyberattacks have increased this past year. In October 2016, 37% of hacked websites were infiltrated by malware designed to target the website’s visitors, while in March 2017 that number jumped to 53%, according to SiteLock’s research.

Proper education is a definite need and necessary to enact real change on cybersecurity, but it takes time. While organizations build out their education plan, Pironti provided tips that businesses can start doing now. Referring to his advice as “IT hygiene,” Pironti said IT leaders should focus on access control, configuration and change management, encryption, log management, and patch management. While education is important for long term change, Pironti said, participating in IT hygiene can help protect small businesses now.

Pironti’s tips echo some of the thoughts that came from a recent panel discussion hosted by TechRepublic’s Dan Patterson in Kiev, Ukraine, where participants discussed how taking basic cybersecurity precautions can go a long way. The panel said that simply changing passwords and firmware could help significantly, but most of all, educating the public on cybersecurity is key.

The 3 big takeaways for TechRepublic readers

  1. Sitelock conducted research over a span of two years from 6 million websites and found that websites are attacked 22 times per day, on average.
  2. Cyberattackers have unlikely targets, including nonprofits, blogs, and small businesses, proving no website or company is safe.
  3. The best way for SMBs to protect themselves is to educate their users on cyberthreats and focus on basic protections such as access control, configuration and change management, encryption, log management, and patch management.