Annual Breach Report: Incidents That Affected SMBs The Most In 2020

Ransomware attacks, phishing, breaches of personal information… all of these are incidents that continue to plague small and mid-sized businesses and directly impact their bottom line.

Just one wrong click on a phishing email by an employee can cause costly repercussions for years due to loss of business and reputation after a data breach. These remediation costs go well beyond just the initial cleanup. One example is the college of DuPage, a community college in Illinois. The college suffered a data breach in March of 2020 that exposed the personal and tax details of 1,755 staff members. This resulted in the college needing to purchase ongoing free credit monitoring for all those impacted. Businesses have begun to move away from the “it won’t happen to me” mentality and realize that everyone’s a target. 73% of SMBs say they plan to invest more in their IT security over the next year. Cybersecurity protections and networks with 24/7 monitoring are now as important as having a working Wi-Fi connection, otherwise the results of an attack can be devastating. 60% of small businesses have to close their doors for good within 6 months of falling victim to a cyberattack or data breach.

Attack Types That Impacted SMBs This Year

2020 has been a busy year for cybercrime due to the pandemic. Criminals have been taking advantage of the disruption of normal business operations and distraction of COVID-19. In April of 2020, the FBI reported that cybercrime reports had increased 400% since the pandemic began. Here are some of the major attack types that have impacted SMBs the most so far this year.

Misconfiguration of Databases & Cloud Services

The 2020 Mid Year Data Breach QuickView Report from Risk Based Security found that the number of exposed records during the first half of 2020 was 4x higher than any other reported time period prior. The culprit was misconfiguration of databases and cloud services. Misconfiguration is when account owners fail to put the proper settings in place to secure their account and/or databases. If you’re using a platform like Microsoft 365 “out of the box” without any custom security settings, this can leave you at risk of a misconfiguration breach.

Remote Worker Security

The pandemic has caused an unprecedented rise in the number of remote workers in Rhode Island and the rest of the country. This had led to multiple security challenges to keep all those remote home networks secure so company data isn’t exposed. Since the beginning of the pandemic, 20% of surveyed businesses of all sizes stated they’ve suffered a data breach due to remote workers. 


In 2019, it was found that ransomware was the most likely type of attack to cause over 24-hours of downtime for SMBs and enterprises alike. The danger of ransomware has been experienced by plenty of small businesses in 2020 that are a prime attack target. Earlier this year, several new forms of malware have been seen attacking small business networks. Names include, WastedLocker, TheifQuest, Buran, Dargate, and Tycoon. One small business in Kentucky had their network of eight computers completely disabled by ransomware and ended up having to pay $150,000 in ransom. Without a reliable backup and recovery system, most SMBs have no choice when hit with ransomware but to either lose their data or pay the ransom and hope the attacker follows through with their end of the deal. 

Phishing Attacks

There’s been an increase in phishing attacks this year of over 650%, which has been a big threat for SMBs. Phishing is the number one delivery method for malware like ransomware, spyware, viruses, and multiple other threats. Phishing attacks target vulnerable employees that can be easily fooled by convincing-looking fake messages. These emails often use the logo and signature of a legitimate company and can even appear to be sent from inside your own company.

Credential Theft

With so much of a company’s data now being stored in the cloud in platforms like G Suite, Dropbox, and Microsoft 365, credential theft has skyrocketed. If a hacker has a legitimate employee password, they can often bypass system security protections designed to keep them out. The problem with account security has led to a rise in alternate login methods to passwords alone. This includes things like biometrics, SSO technology, and the use of multi-factor authentication in addition to a password to keep fraudulent users from gaining access.

Beef Up Your Cybersecurity to Prepare for 2021

Onsite Techs of Rhode Island has dedicated IT security experts that can help your business identify any vulnerabilities in your cybersecurity strategy and implement needed safeguards. Contact us today to set up a consultation at 401-415-6290 or reach out online.