As enterprises continue to place an increasing number of applications in the cloud, it should not come as a surprise that cybercriminals are increasingly targeting cloud vulnerabilities in order to get their hands on sensitive data. One consequence of that move is that these hackers are finding that small and medium-sized businesses (SMBs) are becoming more of a target now that they face some of the same vulnerabilities as their larger competitors.
Huge increase in attacks on web apps
According to the Verizon 2020 Data Breach Investigations Report issued in May, based on a survey of 157,525 security incidents and 3,950 confirmed breaches globally, attacks on web applications were a part of 43% of breaches. This was more than double the numbers from the prior year’s survey. The most common methods of attacking web apps were by stealing login credentials or using so-called ‘brute-force’ attacks in which attackers electronically guess at millions of possible passwords. Financial motivations accounted for 86% of these breaches.
SMBs face risks in moving to cloud computing
The Verizon report also indicates that the move to the cloud is making it easier for malicious actors to target the SMB segment. This represents a shift in the landscape; historically, large enterprises have faced more significant threats because the rewards for successfully accessing data from a large company were theoretically much greater than for breaching a smaller company. The cloud changes that paradigm; according to Verizon, as SMBs have adjusted their business models to leverage the benefits of cloud economics and web apps, “the criminals have adapted their actions to keep in step and select the quickest and easiest path to their victims.”
Large enterprises remain vulnerable
The good news for SMBs is that pound-for-pound, they remain less vulnerable overall to security threats; the Verizon report estimates that breaches were more than twice as common in large enterprises as in SMBs. Moreover, on average, typical SMB attacks are resolved much more quickly – think days, hours, even minutes – while a much larger share of large enterprise attacks can take months or even years to resolve. For now, at least, SMBs continue to fly under the radar compared to large enterprises – but the more IT increasingly moves to an ‘everything as a service’ mode, the more vulnerable they are likely to become.