The most alarming cybersecurity threats for SMEs

Home » The most alarming cybersecurity threats for SMEs

Small businesses may consider themselves too little to appeal as an inviting target for cyber-attacks. They could not be more mistaken. Indeed, they face the same (if not greater) risk of being a victim of cyber-crime. Surprisingly, two out of three UK small firms suffered hacker’s attacks between 2014-2016 (as reported from Federation of Small Businesses).

For a company of this size, cyber-attacks could mark the difference between being profitable or going bust given the huge damage that this wreaks on an (often young) brand reputation, loss of assets and revenue and the expenses associated with repairing such damages. Not to mention the legal implications, where businesses fail to have the prescribed measures in places to protect data and the privacy of clients (under the forthcoming GDPR fines can be anything up to 4% of annual turnover).

The following provides a list of the most dangerous issues for SMEs and how to prevent them.

Lack of cybersecurity knowledge

The fact of having robust strategies and policies in place is completely futile if employees are not adequately informed, or even unaware of them. If your staff is not in possession of at least a basic grasp of cybersecurity, any measure will be useless.

A well-targeted, persuasive phishing email could convince an employee to hand over his credentials and an IT team cannot supervise everybody’s actions. This is why ongoing training and education are vital elements in minimizing cyber-risk and avoiding putting the business in jeopardy.

A good remedy would be to provide training sessions to support employees in managing passwords and recognizing phishing or fraud attempts. Hiring incident-handling professionals into join the IT team is another valuable resource, to support recovery should cyber-hacks occur.

DDoS attacks

Distributed Denial of Services attacks (DDoS) are meant to hit websites with huge amounts of web traffic (Twitter and Netflix have been among the victims). ). The main purpose is to slow the websites down and, eventually, make crucial services unavailable. If an SMEs relies on external website services to function, then the effects of DDoS can be devastating (attacks last around 12-24 hours and cause an average, estimated damage of £30k).

So what can SMEs do to protect itself? Unfortunately they can’t prevent a DDoS attack taking place but they can plan an effective DDoS response by mitigating DDoS through extra bandwidth, making website architecture as resilient as possible or using CDN (Content Delivery Network).


Malware is a software secretly installed on a machine to perform actions for the advantage of a third party. Several types of malware are storming the web: spyware, ransomware, Trojans, adware. All with the common intent to penetrate and destroy IT networks.

To effectively prevent malware from taking action, businesses should consistently invest in robust anti-virus technology. Most importantly, firewalls, operating systems and firmware have to be continuously updated.

Phishing (and spear phishing)

Cybercrime is becoming ever more sophisticated, but phishing still remains one of the most effective means used by criminals to introduce malware into the business. In particularly, spear phishing is even more insidious and dangerous than traditional phishing. In this case, emails are designed to appear to originate from an extremely trusted source that the recipient knows (such as a valued client or a manager). Cyber criminals may also study the social media accounts of “highly-valued” victims to obtain useful insights to make the email look more authentic.

Again, a well-educated staff is fundamental to better spot malicious emails and prevent ransomware locking down business computers. SMEs should also be in possession of secure backups of their critical data.

Internal Attacks

Shocking as it seems, this should not come a surprise. Internal attacks are one of the most frightening threats that SMEs have to face today. So-called “rogue employees” with access to sensitive data or privileged accounts are able to cause tremendous damages.

To defend themselves, SMEs can improve the monitoring activity of privileged accounts in order to track any illicit action. The following action would be to shut down accounts no longer in use, or connected with employees no longer working in the company.

Role of

How can help SMEs protect themselves from these threats? Cyberwatching aims to make the Online & Digital landscape a safer place to interact, by promoting the uptake of innovative cybersecurity and privacy services generated from R&I activities all over Europe. The project enables SMEs to freely access a marketplace with an updated catalogue of services to further improve their safety in this respect, and provides legal support through a dedicated section. Submit your project in the catalogue section and showcase your excellence! 


On 18 July 2019, will organize a webinar in collaboration with the GDPR Cluster projects entitled “GDPR compliance in the emerging technologies”.

Future Events

The 14th International Conference on Availability, Reliability and Security (ARES 2019), will be held from August 26 to August 29, 2019 at the University of Kent, Canterbury, UK.

26/08/2019 to 29/08/2019

PROTECTIVE is co-organising the 2nd International Workshop on Cyber Threat Intelligence Management(CyberTIM 2019) as apart of the ARES 2019 conference in the UK on 26-29 August 2019.

26/08/2019 to 29/08/2019