Smaller Companies are at Greater Risk of Malware, Command and Control, and Crypto-Mining

New cybersecurity report exposes how compromises impact organizations differently depending on size and industry

MIAMI, FL – Attackers view smaller organizations as having fewer security protocols in place, therefore requiring less effort to compromise. Lumu, creators of the Continuous Compromise Assessment cybersecurity model that empowers organizations to measure compromise in real time, has found that compromise is significantly different for small businesses than for medium-sized and large enterprises. Today, the company released its 2022 Compromise Flashcard, which looks back on compromise over the last year and tells the story of how different attacks impact organizations globally.

“There is no silver bullet for organizations to protect themselves from compromise, but there are critical steps to take to understand your potential exposure and make sure that your cybersecurity protocols are aligned accordingly,” says Ricardo Villadiego, Founder and CEO of Lumu. “Year after year, we see that compromise stays undetected for long periods of time – 201 days on average with compromise detection and containment taking approximately 271 days. It’s critical for smaller businesses to know they are more susceptible and to get ahead of the curve with safeguards.”

Results from the Lumu Ransomware Assessment show a few reasons why attacks continue to stay undetected for such long periods of time:

58% of organizations aren’t monitoring roaming devices, which is concerning with a workforce that has embraced remote working

72% of organizations either don’t or only partially monitor the use of network resources and traffic, which is problematic given that most compromises tend to originate from within the network

Crypto-mining doesn’t appear to be a concern for the majority of organizations as 76% either do not know or only partially know how to identify it; however, this is a commonly used technique for cyber criminals

Additionally, threat data across Lumu’s 3,500 customer base unveils attack techniques used and how they vary based on the size of the organization.

Small businesses are primarily targeted by malware attacks (60%) and are also at greater risk of Malware, Command and Control, and Crypto-Mining. Medium-sized businesses and large enterprises don’t see as much malware and are more susceptible to Domain Generated Algorithms (DGA). This type of attack allows adversaries to dynamically identify a destination domain for command and control traffic rather than relying on a list of static IP addresses or domains.

KnowBe4 also contributed to the report, highlighting that risks associated with phishing depend on the size and vertical of the company. Data from KnowBe4 indicates that small and medium-sized Healthcare and Education organizations are most at risk for phishing. For large businesses Insurance, Consulting and Energy & Utilities are the most at-risk verticals.

To view the full findings of the 2022 Compromise Flashcard, please download/view here.

About The Author