"But new security research from the Data Breach Observatory shows that's changing: Small- and medium-sized businesses (SMBs) are now more likely to become a target. This change in tactic has been caused by large businesses investing in their cybersecurity and also refusing to pay ransoms. Cybercriminals are less likely to extract anything of value by attacking these businesses, so instead they're turning to attacking smaller businesses."
"While the payday may be smaller when attacking SMBs, by increasing the volume of attacks, cybercriminals can make up the shortfall. Smaller businesses have fewer resources to protect their networks and thus have become more reliable targets. Four in five small businesses have suffered a recent data breach. By examining some of these data breaches and the companies they affected, a pattern emerges, and failings can be identified. Here are three key SMB data breaches from 2025:"
In 2025 small- and medium-sized businesses became primary targets as cybercriminals shifted away from large firms that improved defenses and refused ransom payments. Attackers increased the number of attacks against SMBs to offset smaller payouts, exploiting weaker security budgets and limited network protection. Four in five small businesses experienced a recent breach, exposing customer data and operational risks. Patterns across breaches reveal recurring failures in security controls, access management, and incident response. Effective protections include basic cyber hygiene, multifactor authentication, regular backups, employee training, vulnerability management, and tailored incident response planning for SMB constraints.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]