Small businesses are increasingly seeing the same cyberattacks and techniques as large enterprises in contrast with previous years, according to the 2020 Verizon Data Breach Investigations Report.
The last time Verizon researchers tracked small business attacks was in the 2013 DBIR. At that time, SMBs were hit with payment card cybercrime. Today, the attacks are aimed at web applications and errors due to configurations. Meanwhile, the external attackers are targeting SMBs just like large enterprises, according to Verizon.
Verizon found that small companies with less than 1,000 employees are seeing the same attacks as large enterprises. Why? SMBs have adjusted their business models to be more cloud based and rhyme more with large companies. One big difference between SMBs and large enterprises is the number of attacks. Verizon noted:
Breaches are more than twice as common in the larger companies than in the small ones. Does this mean the small organizations are flying under the radar, or are they simply not aware they've received visitors of the uninvited variety? And the inequality between the two when it comes to number of incidents is staggering. Is it an obvious case of "mo' money, mo' problems" for large enterprises?
Verizon ultimately concluded it was tough to call. One big difference is that SMBs discovered breaches faster as large enterprises may take months or years to discover. The difference in footprint and assets probably accounts for the difference. SMBs by moving to the cloud have also reduced their attack surface.
Here's a look at the attacks facing SMBs vs. large enterprises.