SMBs vs. large enterprises: Not all compromises are created equal
Attackers view smaller organizations as having fewer security protocols in place and therefore as requiring less effort to compromise. Lumu has found that compromise is significantly different for small businesses than for medium-sized and large enterprises.
“There is no silver bullet for organizations to protect themselves from compromise, but there are critical steps to take to understand your potential exposure and make sure that your cybersecurity protocols are aligned accordingly,” says Ricardo Villadiego, CEO of Lumu.
“Year after year, we see that compromise stays undetected for long periods of time – 201 days on average with compromise detection and containment taking approximately 271 days. It’s critical for smaller businesses to know they are more susceptible and to get ahead of the curve with safeguards.”
Results from the Lumu Ransomware Assessment show a few reasons why attacks continue to stay undetected for such long periods of time:
- 58% of organizations aren’t monitoring roaming devices, which is concerning with a workforce that has embraced remote working
- 72% of organizations either don’t monitor or only partially monitor the use of network resources and traffic, which is problematic given that most compromises tend to originate from within the network
- Crypto-mining doesn’t appear to be a concern for the majority of organizations as 76% either do not know or only partially know how to identify it; however, this is a commonly used technique for cyber criminals
Additionally, threat data reveals the attack techniques used and how they vary based on the size of the organization.
Small businesses are primarily targeted by malware attacks (60%) and are also at greater risk of Malware, Command and Control, and Crypto-Mining. Medium-sized businesses and large enterprises don’t see as much malware and are more susceptible to Domain Generation Algorithms (DGA). This technique allows adversaries to dynamically identify a destination domain for command and control traffic rather than relying on a list of static IP addresses or domains.