Top 10 Reasons SMEs Are Targeted by Cyber Criminals

Paul C Dwyer
The Tenfold Threat: Why SMEs Are Cybercriminals' Prime Targets

Small and medium-sized enterprises (SMEs) are becoming increasingly attractive to cybercriminals.

A report from the European Union Agency for Cybersecurity has affirmed this reality, revealing that a significant majority of cyberattacks are targeted at SMEs. What makes SMEs such an appealing target?

Here are the top 10 reasons:


1. Supply Chain Gateway: SMEs often serve as important links in the supply chain to larger organisations. Consequently, cybercriminals exploit SMEs as gateways to gain unauthorised access to larger targets.


2. Substantial Data Reservoirs: SMEs frequently accumulate large volumes of customer and business partner data over time. This wealth of data, often not governed by best data retention practices, presents an attractive resource for data thieves.


3. Dependence on Third-Party Services: Many SMEs rely on third-party vendors for IT and security services. Unfortunately, this creates a false sense of security, as ultimate responsibility for cybersecurity cannot be entirely outsourced.


4. Limited IT Expertise and Resources: The lack of a dedicated IT department or specific cybersecurity expertise often means SMEs do not invest in appropriate defensive tools, leaving them exposed to potential cyber threats.


5. Inadequate Training: Business owners of SMEs may not fully comprehend the extent of risks associated with cyber threats. This lack of understanding often sets the tone for the company's cybersecurity culture.


6. Constrained Budget: With a focus on maintaining business operations, SMEs often struggle to allocate sufficient budget towards cybersecurity. This, coupled with limited investment in Information and Communication Technology (ICT), exacerbates the risk of operating with outdated equipment and software.


7. Insufficient Cyber Defences: Even basic cyber hygiene practices like maintaining firewalls, using strong passwords, and adhering to a regular patching schedule are often lacking in SMEs, making them vulnerable to common cyberattacks.


8. Neglected Software: SMEs often operate with outdated or poorly configured software due to limited resources and time. Such software installations, if neglected, can pose a potential security threat.


9. Limited Governance: Business owners of SMEs do not typically answer to a board or follow a formal governance model. This can result in cyber risks being deprioritised or overlooked entirely.


10. Direct Access to Decision Makers: The decision-making process in SMEs is usually faster and more direct than in larger corporations, which can be exploited by cybercriminals, especially in pressure-driven attacks like ransomware.

What Can You Do?

Understanding these factors can help SMEs recognise their vulnerabilities and take preventative action. It is evident that the first step towards mitigating these risks is raising awareness and improving education about cybersecurity among SME owners. By doing so, they will be better equipped to protect their businesses from being easy targets for cybercriminals.