ThreatList: 90% of SMBs Believe Nation-State Actors Are Targeting Them

smb apt threat

Larger SMBs are more likely to feel targeted by APTs.

While APT activity is generally considered to be aimed at large enterprises housing valuable intellectual property, military-industrial entities, dissidents and civil society, and organizations of strategic importance to governments, the vast majority of small- and medium-sized businesses (SMBs) are concerned that they may be on the target list.

A full 93 percent of all SMB executives in a recent survey from AppRiver believe that nation-state-backed attackers are attempting to use businesses like theirs to breach the country’s digital security. And, this already-high figure jumps to 97 percent among larger SMBs with 150–250 employees. The reasoning goes that APTs see SMBs as entry points into a supply chain through which they can access larger game.

Overall, two-thirds (66 percent) of SMB execs (and three quarters or 76 percent of execs at larger SMBs) also believe that foreign attempts to breach national security or wage cyberwar will be more severe next year in the run up to the presidential election.

SMBs operating in specific verticals – government, healthcare and pharmaceutical, technology and telecom, and transportation and logistics – are the most concerned about these kinds of attacks, the data shows.

“It is possible that as a small business grows, it could become a more likely target for bad actors,” according to the report. “It is also possible that small businesses with cloud-based services with built-in security and fewer employees have fewer vulnerable attack entry points. However, as this year’s growing attacks on local municipalities, schools and small hospitals have shown, smaller organizations can no longer count on flying below the radar and being ignored by cybercriminals.”

These fears go hand-in-hand with planned investment. The survey, released on Tuesday, found that 62 percent plan to increase their cybersecurity budgets in 2020 to shore up their defenses against these types of attacks. Just a fraction (8 percent) plan to reduce investment, while around a third (30 percent) plan to maintain their budget at the 2019 level.

Once again, larger SMBs trend slightly differently from their compatriots. Three-quarters (75 percent) of those with between 49 and 149 employees said they plan to increase their budget in 2020 and 17 percent plan to maintain their 2019 budget. Among SMBs with 150-250 employees, 81 percent plan to increase their budget in 2020 and just 10 percent plan to maintain their 2019 levels.

In all data sets, just a fraction (8 to 9 percent) plan to reduce their spending; these companies largely fall into the nonprofit (48 percent) and hospitality (47 percent) sectors.

The report found that verticals that are most likely to increase cybersecurity budget in 2020 include technology and telecom (77 percent), government (76 percent), manufacturing (73 percent) and financial services/insurance (71 percent).

Free Threatpost Webinar: Risk around third-party vendors is real and can lead to data disasters. We rely on third-party vendors, but that doesn’t mean forfeiting security. Join us on Dec. 18th at 2 pm EST as Threatpost looks at managing third-party relationship risks with industry experts Dr. Larry Ponemon, of Ponemon Institute; Harlan Carvey, with Digital Guardian and Flashpoint’s Lance James. Click here to register.

Suggested articles