#SMBSecurity

2025-06-04

🚨 NIST Webinar: Protecting Your Small Business from Phishing Risks
Join NIST on Aug 14 @ 11 AM PT for a free webinar on recognizing, preventing, and responding to phishing attacks. Learn real-world examples, low-cost protections, and get free training resources.
🔗 Register: nist.zoomgov.com/webinar/regis
#Cybersecurity #SmallBusiness #Phishing #NIST #SMBsecurity

2025-04-23

📈 Ransomware and vulnerability exploitation are surging — and attackers are moving faster, hitting harder, and targeting smaller victims more aggressively than ever.

Verizon’s 2025 Data Breach Investigations Report reveals sharp increases across multiple threat vectors:
- Ransomware was present in 44% of breaches (up 37% YoY)
- Exploited vulnerabilities surged 34%, nearly matching credential abuse
- Third-party involvement in breaches doubled, from 15% to 30%

Ransomware now disproportionately impacts small and mid-sized businesses:
- 88% of SMB breaches involved ransomware
- Compared to just 39% in larger organizations
- While ransom payments declined, attack frequency and speed continue to rise
- Median ransom payment dropped from $150K → $115K

Vulnerability exploitation is tightly linked:
- 20% of initial breach vectors came from unpatched vulnerabilities
- Edge devices and VPNs were hit hardest (Ivanti, Cisco, Fortinet, Palo Alto)
- Edge device exploitation grew 8x YoY
- Only 54% of known edge vulnerabilities were fully remediated — median patch time: 32 days

Espionage-motivated breaches also leaned heavily on vulnerabilities:
- In 70% of these cases, initial access came from unpatched flaws
- Ransomware operators and state-backed actors continue to exploit the same gaps

The bottom line: attackers aren’t changing tactics — they’re maximizing opportunity.

At @Efani, we believe these numbers paint a clear picture. SMBs, edge networks, and third-party dependencies are now prime targets. Ransomware may not always demand a payment, but it always demands attention.

#CyberSecurity #Ransomware #VulnerabilityManagement #DataBreach #SMBSecurity #DBIR2025 #ThirdPartyRisk #EfaniSecure

Boston Managed ITbmit
2025-01-07

Did you know 1 in 3 SMBs faced cyberattacks last year? Time to improve your security for your business!

zurl.co/5jvDn

2024-03-19

NIST CSF 2.0 has a new format and organization that may make it easier to manage, especially for small and medium-sized organizations. 😮😃 Read this article to get the latest on NIST CSF 2.0, including what's hot and what's not. 🔥❄👇

Find out why the National Institute of Standards and Technology (NIST) updated the #Cybersecurity Framework (CSF), see what's changed + what's stayed the same, and learn about:
🔺 The new Governance Function
🔺 Other new subcategories in CSF 2.0
🔺 How you can achieve your NIST CSF 2.0 objectives
& more...
graylog.org/post/nist-csf-v2-w #SMB #SMBsecurity #nistcsf #nistcybersecurityframework

2024-01-30

Walk through a customer incident with me!

What happens when attackers can SEO their fake application to the first page of search results, alerts fire along the way, and you have a customer and secops team that are top notch!

blumira.com/masked-application

#incidentresponse #malware #dfir #smbsecurity #lolbas #bankingindustry #creditunions

2023-11-16

In case you missed it: the incredible story of how @jwgoerlich and @Tzefira_Neviah nearly had their foundation’s conference funds stolen — DURING THE OPENING OF THE CONFERENCE. Check it out. #SMBsecurity

securingsexuality.com/the-podc

2023-09-20

NEXT QUÉBECSEC: September 28, 2023 at La Console - interface humaine!

Come hear the next speakers at September's QuébecSec: Francois-Gabriel Auclair with his presentation titled "Intro Hackfest 101", and Dominic Villeneuve with his presentation "La Réalité de la Cybersécurité dans les PME : Obstacles et Solutions" (The Reality of Cybersecurity in SMBs: Obstacles and Solutions).

Two great talks, pizza, and some great discussions ahead! For more information and the registration link: quebecsec.ca/event/realite-pme

Thank you to our official sponsor Bell Canada, whose continued support allows QuébecSec to organize quality events.

#cybersécurité #québecsec #quebecsec #security #sécurité #cybersecurity #conference #infosec #quebeccity #quebec #smbsecurity #hackfest #hf2023 #hf15 #hackfest2023

2023-06-12

This must be the day of really cool things... The University of Texas at Austin is launching a pilot program where students will offer #cybersecurity advice to small businesses free of charge.

University leaders say they hope the program, which is modeled after law-school clinics, in which student lawyers work pro bono, will eventually evolve into a 311-style service for companies grappling with cyberattacks to access free resources that the federal government cannot always provide. [Via WSJ --> Wired] wired.com/story/ut-austin-cybe | #infosec #SMBs #smbsecurity

2023-03-08

There's a bogus statistic that's been floating around for a long time stating that 2/3 SMBs go out of business after a #cybersecurity breach. While that particular stat is false, it's 100% true that SMBs are disproportionately impacted by security incidents. Here's a clip from the 2022 Information Risk Insights Study from @cyentiainst and CISA.
***
On the surface, the absolute costs of a typical or extreme loss event for large organizations exceed those of small companies by more than 10X. That’s certainly worth incorporating into enterprise cyber-risk assessments. But some simple math yields another important finding lurking just under the surface. A $10B enterprise hit with the typical (geomean) loss amount for that size tier of $516K can expect a cost that represents 0.00516% of annual revenues. A small shop that brings in $100K per year could lose nearly its entire annual earnings in a typical loss event ($88K)!

Diving even deeper into the topic of relative impact, Figure 8 plots historical event losses as a percentage of annual revenue. There, we see that the reported losses for two-thirds of all publicly known security incidents fall below 1% of revenue (and most of those far below that mark). A little over a quarter of incidents fall in the span between 1% and 100%, while 6% actually exceed the organization’s yearly income. What’s more, some events exceed revenue by 100X!

The colors applied to Figure 8 bring us back to the discussion of the relative impact of cyber events on small vs. larger organizations. Gartner defines a small business as one having less than $50M in annual revenue. So, that’s the distinction that appears here in red. It’s clear that the majority of loss events involving midsize and large firms (in blue) fall below 1% of their income, while the higher ratios on the right side of the spectrum are almost entirely populated by small businesses. Here’s a sobering stat: SMBs were the primary victim in 89% of all cyber loss events that exceeded 10% of revenue.

Get full report: cyentia.com/iris-2022/

#smb #smbsecurity #smallbusiness #cyberrisk #cyberresilience #databreach #databreaches

Chart comparing losses from security incidents relative to annual revenue
