Ransomware remains the largest cyber threat to SMBs

What lies ahead as organizations move toward strengthening their cyber resiliency posture in the face of ever-increasing cyberattacks and cyber warfare. The recent report published by 2022BrightCloud Threat Report outlines key data points and trends affecting small and large businesses worldwide, as well as individuals in the new hybrid, interconnected world.

Remote and hybrid work environments, along with rapidly shifting world affairs, continue to alter how we interact and present new security challenges that open lucrative avenues for bad actors. Last year, phishing attacks escalated across email, text, and other communications platforms, and new high-risk malicious URLs were found hiding behind proxy avoidance and anonymizers. Alternatively, while browser-based crypto-jacking may have practically disappeared, crypto-mining malware shifted into the mainstream as cybercriminals continue looking for ways to compromise data and personal information.

“Businesses’ ability to prepare for and recover from threats will increase as they integrate cyber resilience into their technologies, processes, and people,” said Mark J. Barrenechea, OpenText CEO & CTO. “With security risks escalating worldwide and a persistent state of ‘unprecedented’ threats, compromises are inevitable. This year’s findings reiterate the need for organizations to deploy strong multi-layered security defenses to help them remain at the heart of cyber resilience and circumvent even the most creative cybercriminals.”

Key Report Highlights:

Phishing & Impersonated Companies:

Malware, ransomware attacks, and cryptocurrency scams all make extensive use of phishing.  Phishing attacks through emails, texts, and other communication platforms remain the first step in many other attacks. The report suggested that four million new high-risk URLs were in existence in 2021. To make matters worse, almost 66% of them involved phishing. Cybercriminals look to certain times of the year to execute their attacks. They are also keen to impersonate well-known brands to lure you into clicking on malicious links.

  • 770% overall phishing activity spike during May 2021
  • January ? April 2021 saw a mere 9% of phishing activity
  • 54% of all detected phishing URLs in 2021 were from top-targeted brands: Apple, Facebook, YouTube, Microsoft, and Google

?Cybercriminals like to use tax season as an opportunity to execute attacks like spear phishing and spoofing. Be wary of suspicious emails that are attempting to lure you into providing your personal information to unlock your credentials, confirm your tax return details or refund eligibility. Businesses and individuals alike can easily fall for such attempts. Always ensure that any communication you receive comes from a legitimate source. Never respond to unsolicited emails asking you to provide personal information,? says Grayson Milbourne Security Intelligence Director.


Ransomware continues to be the biggest cyber threat facing SMBs. In 2021, 82% of ransomware attacks targeted organizations with less than 1,000 employees. The smallest organizations, with 100 employees or less, comprised 44% of the ransomware victims. And 84% of all ransomware attacks now include threats of data breaches, a modest increase from a year before.

Not surprisingly, insurance companies are raising their rates for cyber insurance policies. They?re also making it tougher to get cyber insurance. For instance, insurance companies may require a series of technical controls to be implemented. That may be particularly challenging for SMBs because of the complexity and cost of such controls

As a result, many organizations are shifting from relying on cyber insurance policies to increasing the strength of their layered defenses to be more resilient against ransomware attacks.

?We will continue to see shorter times from initial compromise to ransomware deployment. We will also see attackers engage in rebranding to make attribution more difficult. As attackers become more strategic about who they attack, SMBs become a highly lucrative option. Attackers assume these types of businesses have little in the way of protection and are more willing to pay their ransom demands,? states Matt Aldridge, Principal Solutions Consultant.


Whether you operate a business or spend time online surfing the web, the malware remains a concern. In the last year, 86% of malware remained unique to a PC, which has been consistent for the past few years. This implies attackers are obtaining a level of consistency in what they do to avoid being caught.

While the goal of spreading infection is top of mind for a bad actor, infection rates are not equal. When we examined the trends between businesses and consumers, there are some marked differences:

  • 53% of consumer PCs were infected more than once, but businesses lag in migrating from Windows 7, leaving them more suspectable to infection.
  • For medium-sized organizations (21 to 100 licensed PCs) infection rates are just over one-third (34%), infecting nine PCs on average.
  • The manufacturing, public administration, and information sectors experienced higher-than-average infection rates
  • 86.3% of malware is unique to a single PC; consistent YOY
  • 83% of Windows malware hides in one of four locations, noting that app data saw a 46% decrease from the prior year, and desktop saw a 40% increase from the prior year
  • TO NOTE: The number of malware files reaching Webroot-protected Windows endpoints dropped 58% between 2020 and 2021.

?Despite the improvement in infection rates this year, consumer PCs continue to have higher rates of infection in comparison to business PCs. With the introduction of Windows 11, bad actors won?t think twice about engaging in new and dangerous exploits that leverage new features not previously available, ? added  Milbourne.

Infection Rates by Industry:

Manufacturing was the industry most likely to be infected in 2021 based on a willingness to pay ransoms to prevent supply chain disruptions. The 2021 Colonial Pipeline incident was reminiscent of the damage and chaos from the 2017 NotPetya ransomware by Russian nation-state attackers on the Ukrainian supply chain. Experts anticipate seeing more attacks targeting manufacturers and supply chains in 2022.

  • Manufacturing registered 54% above average in 2021
  • Public Administration saw a 41% rise above average in 2021
  • Finance and Insurance were 22% below average in 2021

Infection Rates by Region:

  • Japan, the United Kingdom, North America, and Australia saw infection rates drop by 51% since the year prior
  • United States held the largest number of malicious IP addresses and convictions (24.3%)
  • Netherlands had the highest number of convictions per bad IP address (average of 526), meaning that each malicious IP address in the Netherlands performed more malicious activity on average than the average malicious IP address in other countries.

“Cyber resiliency is a top proactive priority for organizations worldwide,” said Craig Robinson, IDC Program Director, Security Services. “Better understanding the known threats will play a key role in building and maintaining a strong layered security approach.”

Adopting cyber resilience allows you to prepare and recover from attacks. Through a defense-in-depth approach, you can act more quickly to thwart malicious threats from spreading, minimize the likelihood of a major data breach and restore your operations. Only through cyber resilience can we truly make progress in our fight against cybercrime.

Share on

Leave a Reply

Your email address will not be published. Required fields are marked *