One cybersecurity firm’s 2023 data suggests that “small cracks” can lead to “big payouts” since small- and medium- sized enterprise abound.

While ransomware continued to be a threat in 2023, one cybersecurity firm has noted a broader set of threats targeting small- and medium- sized enterprises (SMEs), governments and the enterprise. 

In its cyber threat report based on its own 1.1m ‘security sensors’ in 215 countries and territories and shared threat intelligence from the cybersecurity community, among other sources, the firm, SonicWall, has identified four key trends.

Grouped by category, the trends are:

    • Malware: Total global malware volume rose 11% in 2023, with Latin America (+30%) and the US (+15%) logging the biggest jumps in its analysis. Europe saw a (-2%) decrease, with the UK seeing a steep decline of -28%.
    • Ransomware: Overall ransomware numbers saw a -36% decline year-on-year, spiking 37% in the summer months and in the second half of 2023.
    • IoT exploits: The global volume of such attacks rose 15% in the sample data, as connected devices continued to multiply rapidly, and bad actors targeted weak points of entry as potential attack vectors into organizations.
    • Encrypted threats: These threats spiked 117% globally as threat actors opted for a stealthier, less risky means of malicious activities.

Overall attack numbers in the firm’s data climbed 20%, totaling more than 1bn attempts compared to the same time period in 2022. The global crypto jacking volume had risen by 659%. For 2024, the firm posits that cybercriminals and state-sponsored threats are adapting their abilities to gain access to critical infrastructure, making the threat landscape even more complex and forcing organizations to reconsider their security needs.
As SMEs comprise 80% of the firm’s clientele, the trends and findings portray a cyber threat landscape “centered less around large multinational conglomerates, and more on businesses”.

Said the firm’s president and CEO, Bob VanKirk: “It has become clear that conventional network security isn’t enough. Security professionals need assistance to cope with the overwhelming volume of cyberattacks and protect from the endpoint to the Cloud. Especially as the Cloud becomes an indispensable reality for businesses, the role of managed service providers is shifting from technical maintenance to raising the bar on their customers’ security posture.”