76 percent of US businesses have experienced a cyberattack in the past year

SMBs in the country are becoming a firm favorite as targets for cybercriminals.

What is Black Hat and why is it so important? CBS' Dan Patterson is at Black Hat in Las Vegas. He breaks down why it is a must-see for hackers and cybersecurity professionals, plus the most interesting things happening at this year's conference.

Small and medium-sized businesses in the United States have become the global favorite for cyberattackers to target, new research suggests. 

A study published on Tuesday by the Ponemon Institute and conducted on behalf of Keeper Security, called the 2019 Global State of SMB Cybersecurity report, says that 66 percent of SMBs worldwide have reported a cyberattack within the past 12 months -- and 76 percent of those included in the survey are based in the United States. 

The research is based on responses gathered from over 2,300 participants in the IT and cybersecurity industry based in the US, UK, and various other countries. 

Ponemon says that for the third year in a row, SMBs are reporting a "significant increase" in cybersecurity incidents. 

See also: Court reinstates lawsuit over Google iPhone user tracking

In total, 63 percent of organizations reported the loss of sensitive corporate or customer information in the past 12 months. This figure rose to 69 percent in the US, an increase from 50 percent four years ago. 

Attacks against businesses in the UK, US, and Europe are on the rise. Rather than this acting as a catalyst for cybersecurity improvements, however, 45 percent of respondents said that their organization's IT posture is "ineffective" and 39 percent said there was no form of incident response in place to deal with the aftermath of a breach. 

CNET: Governments call on Facebook to pause encryption efforts

The most common forms of cyberattacks SMBs currently face are phishing, compromised or stolen devices, and credential theft. Stolen devices, in particular, are a problem in the era of Bring-Your-Own-Device (BYOD) schemes.

Smaller companies may choose not to invest in handsets for employees that can be ringfenced securely and monitored for suspicious behavior. 

In total, 48 percent of those surveyed said that they access over half of their business-critical applications from their devices, despite approximately the same number of people saying this impacts the security of their businesses. 

TechRepublic: Yahoo porn hacking breach shows need for better security: 5 ways to protect your company

Throwing cash at cybersecurity vendors and solutions does not necessarily mean that businesses are protecting themselves. 

An AttackIQ and Ponemon report released in June showed that over half of enterprise companies are investing up to $18.4 million into cybersecurity but admit they have no idea how well their tools are performing. 

Basic improvements to security hygiene and posture can be the most effective weapons available to fight cyberattackers, and when it comes to SMBs, closing potential attack avenues -- such as the use of insecure devices, patching, and enforcing constant credential changes -- can make all the difference. 

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0