
SMBs are key targets for cybercriminals in 2021, warns Acronis

Despite the perception they are too small to target, SMBs are increasingly vulnerable due to supply-chain attacks and greater use of automation by ransomware groups


Four out of 5 organisations experienced a cybersecurity breach originating from a vulnerability in their third-party vendor ecosystem during the first half of 2021, according to cyber protection firm Acronis.

The company also noted that small and medium-sized businesses (SMBs) are at particular risk based on the attack trends seen during the first six months of the year.

That’s at a time when the average cost of a data breach rose to around $3.56 million, with the average ransomware payment jumping 33% to more than $100,000, it said.

While that represents a major financial hit to any organisation, those amounts would sound the death-knell for most SMBs, which Acronis believes is a major concern for the second half of 2021.

Candid Wüest, VP of Cyber Protection Research, Acronis, said, “Unlike larger corporations, small and medium-sized companies don’t have the money, resources, or staffing expertise needed to counter today’s threats. That’s why they turn to IT service providers – but if those service providers are compromised, those SMBs are at the mercy of the attackers.”

By utilising supply-chain attacks against managed service providers (MSPs), attackers gain access to both the MSP business and all of its clients. As seen in the SolarWinds breach last year and the Kaseya VSA attack earlier in 2021, one successful attack means they can breach hundreds or thousands of SMBs downstream.

At Black Hat 2021, Wüest will provide an in-depth look at how supply-chain attacks against IT service providers pose a particular threat to SMBs in a session titled Ransomware Attacks Against MSPs – A Nightmare for SMBs.


Beyond the high-profile attacks that have dominated the headlines during the past six months and the concerns Acronis is raising about the impact on MSPs and small businesses, the Acronis Cyberthreats Report Mid-year 2021 also shows that phishing attacks continue to run rampant. Phishing emails, which use social engineering techniques to trick unwary users into clicking malicious attachments or links, rose 62% from Q1 to Q2. That spike is of particular concern since 94% of malware is delivered by email.

The report also revealed that in 2020, more than 1,300 victims of ransomware had their data publicly leaked following an attack, as cybercriminals look to maximise the financial gain from successful incidents. During the first half of 2021, more than 1,100 data leaks have already been published – which projects a 70% increase for the year.

Furthermore, it showed that remote workers continue to be a prime target, with Acronis observing more than twice the number of global cyberattacks, along with a 300% increase in brute-force attacks against remote machines via RDP.