
75% of 2023 Cyber incidents aimed at SMBs according to Sophos Report

To all small businesses,


The threat landscape for small businesses in 2024 is evolving rapidly, with cybercrime posing an existential threat to these organisations. According to the World Bank, 90% of the world’s businesses were categorised as small to medium-sized organisations, and they currently account for more than 50% of employment worldwide.

The 2024 Sophos Threat Report provides valuable insights into the specific challenges and risks faced by small and medium-sized businesses (SMBs) in the cybersecurity domain. The report sheds light on the growing menace of cybercrime targeting SMBs.

Cybercrime’s Impact on Small Businesses

The report emphasises that while cyberattacks on large enterprises and government agencies often dominate headlines, SMBs are more vulnerable to cyber threats and suffer proportionally higher consequences. Factors such as a lack of experienced security operations staff, underinvestment in cybersecurity, and smaller information technology budgets contribute to the vulnerability of SMBs. In fact, over 75% of customer incident response cases handled by Sophos’ X-Ops Incident Response service in 2023 were for small businesses, highlighting the severity of the issue.

Key Threats Facing Small Businesses

Ransomware continues to be the most significant threat to SMBs, but the report also identifies other critical threats, including data theft, web-based malware distribution, unprotected devices, abuse of drivers, email attacks, and attacks on mobile device users. These threats encompass a wide range of cybercriminal activities, from stealing sensitive data to leveraging vulnerabilities in various systems and platforms.

Data Protection as the Prime Target

The report underscores that data protection is the most significant cybersecurity challenge facing SMBs. More than 90% of reported attacks involve data or credential theft, highlighting the pervasive nature of these threats. Business email compromise (BEC) is identified as a substantial problem, with cybercriminals taking over email accounts for fraudulent purposes. Stolen credentials, including browser cookies, are exploited for unauthorised access and can be sold on underground forums, posing a significant risk to SMBs.

Ransomware Continues to Dominate

Despite making up a relatively small percentage of overall malware detections, ransomware remains a top threat for SMBs. The report highlights that ransomware attacks disproportionately target small and medium-sized enterprises, with LockBit ransomware being identified as the top threat in small business security cases in 2023. The use of remote execution of ransomware has also increased, posing new challenges to organisations’ cybersecurity defences.

Cybercrime as a Service

The report delves into the dominance of “Malware as a Service” (MaaS) in the cybercrime landscape, emphasising the use of malware delivery frameworks provided by cybercriminals through underground marketplaces. While certain malware delivery frameworks have receded or been disrupted by law enforcement, the remote access trojan AgentTesla has emerged as a prominent threat, making up 51% of malware delivery framework detections in 2023.

Evolution of Malware Delivery Routes

Malware attacks typically require initial access, and the report notes that MaaS operators have historically relied on malicious email attachments for this purpose. However, changes to the default security of the Microsoft Office platform have impacted the MaaS market, leading attackers to shift towards using PDF file attachments almost exclusively, with some exceptions such as the use of malicious OneNote documents.

In conclusion, the 2024 Sophos Threat Report provides a comprehensive overview of the cyber threats facing small businesses. By understanding the specific challenges and risks highlighted in the report, SMBs can take proactive measures to enhance their cybersecurity posture and protect their valuable assets from cybercriminal activities.

Through our partnership with Sophos, we are able to provide non-stop 24×7 Managed Threat Detection and Response to our customers. To stay updated on the best practices in cybersecurity, reach out to AMARU’s cyber security consultants and leverage the support you can get to safeguard your digital assets and mitigate the risks posed by cybercrime.