Phishing attacks are bombarding SMBs- 2022 Report

Closeup of young male theift in sweatshirt with hood transfering money from bills of stolen creding cards


Watch Out! Small and medium-sized enterprises (SMEs) are constant targets of cybercriminals due to the assumption that they have weak security protocols in place. One of the most common forms of cyber-attacks against SMEs is phishing, which is an attempt typically using email, or collaboration platforms such as Teams and Slack. These attacks trick individuals into providing sensitive information or downloading malware onto their systems. Channel Futures recently published an article detailing a study by N-Able that there has been a 18% increase in phishing attempts from 2021 to 2022 with a staggering 913 million known phishing attempts in 2022 alone. These attacks often lead to ransomware, a type of malware that can lock or encrypt a victim's files until a ransom is paid. 

 Phishing attacks typically involve sending fraudulent emails or chat messages that appear to be from a legitimate source, such as a bank, a supplier, co-worker, or a customer. The email may contain a link to a fake website that looks like the real one, or a malicious attachment that installs malware on the victim's computer when opened. Once the attacker gains access to the victim's system, they can work to attain privileged system access to search and steal information and/or deploy ransomware.  

 Effective protection against phishing and related malware threats requires strong security controls such as MFA, implementation of 24/7 endpoint monitoring and patching, EDR, threat detection, and pre-defined incident response plans. Effective security monitoring includes vulnerability management scans with real time reporting. Companies must identify and neutralize threats before they cause significant harm and proactively reduce their threat surface.  

 Companies should also conduct regular security awareness training for employees, which is crucial for preventing phishing attacks. These training programs educate employees on how to recognize and report phishing attempts, and how to avoid clicking on suspicious links or downloading unknown attachments and provide proof of annual awareness training which is a requirement for cyber insurance and many compliance standards. 

 Protecting SMBs from phishing attacks can be a daunting task, as these businesses often lack the necessary cybersecurity expertise and resources. However, one effective solution is to partner with a security focused technology partner, which provides a range of security services that help safeguard businesses against phishing attempts and ransomware.  

 As the threat of cybercrime continues to evolve, it is crucial for businesses to prioritize cybersecurity and work with trusted partners to protect their business. SMEs are increasingly becoming targets of phishing attempts that can lead to ransomware attacks. Partnering with an expert partner like Ballast Services provides businesses with the necessary cybersecurity expertise and resources to safeguard against the threat of phishing.  

Modernize, Optimize, Stabilize, and Secure your organization today. Contact us at 813-568-9011, visit our website at, or click on Get In Touch to speak with us today.