CyberCatch has announced the publication of its quarterly Small and Medium-Sized Businesses Vulnerabilities Report (SMBVR) for Q1 2022 to alert small and medium-sized businesses (SMBs) to an alarming rise in vulnerabilities detected in Internet-facing websites, servers and applications. Of greatest concern, CyberCatch’s SMBVR has detected – for the first time in the report’s history – substantial levels of vulnerability among both US and Canadian SMBs to ‘session riding’ attacks, an insidious tactic that forces authenticated users to unknowingly submit malicious requests that can have drastic consequences.
The SMBVR is a quarterly research study focused on SMBs in North America to detect vulnerabilities that a cyber attacker can identify and exploit to break into a business, steal data and/or infect its systems with ransomware. The Q1 2022 SMBVR comprised scans of a random sample of 12,050 SMBs (10,878 in the US and 1,172 in Canada) in 10 high-value target segments. Key findings of the Q1 2022 study include:
- 82% of US and 78% of Canadian SMBs have spoofing vulnerabilities that attackers can easily exploit.
- CyberCatch’s report detected significant levels of session riding vulnerability among SMBs, with 50% of such businesses in the US demonstrating this vulnerability and 49% in Canada. This is the first time this vulnerability has reached such critical levels in the research report.
- Spoofing, clickjacking, session riding and sniffing are the four key vulnerabilities that SMBs are susceptible to in the US and Canada.
- Spoofing, clickjacking and sniffing vulnerability levels more than doubled in the US when compared to Q4 2021.
- Defence contractors, manufacturers, Managed Service Providers (MSPs), technology companies, colleges and universities, legal and accounting firms and medical practices have significantly higher rates of vulnerabilities both in the US and Canada.
“The Q1 2022 SMBVR should be a wake-up call for all types of SMBs. The high levels of vulnerabilities detected – across all 10 segments both in the US and Canada – are very concerning,” said Sai Huda, Founder, Chairman and CEO, CyberCatch. “It indicates that large numbers of SMBs have security holes that can be easily exploited remotely to steal data and install ransomware. This is an existential threat to SMBs – and to the overall economies of the US and Canada.
“Given its size, limited knowledge about cybersecurity and resources, an SMB may never be able to recover from a cyberattack. Foreign adversaries and criminal gangs view SMBs as the weakest link in the chain and are increasingly targeting SMBs for the initial payout but also to get to the eventual larger target who the SMB may be a supplier to (upstream risk), or to the SMB’s customers (downstream risk) and in the process, they don’t care a bit about any collateral damage caused or if the SMB survives or not.”