The number of warnings provided to SMEs over the past several years regarding cybercrime and hacking borders on torrential. It’s easier for many business owners to start ignoring this advice when they haven’t come under attack themselves.

But we sing a different tune. Although the huge number of warnings can be easy to ignore, the reality is now more drastic than ever: if you don’t act, you could lose your business.

The most recent Cisco Cybersecurity report puts this in perspective: many SMEs just don’t understand how pervasive these attacks are, and how threatening they could be if even one is successful.

What are business owners missing?

Most businesses would know about malware, but many aren’t aware of just how threatening and monstrous it’s becoming.

According to the latest Cisco Annual Cybersecurity Report, there has been a huge rise in autonomous malware: hackers now create systems that require less human oversight, and therefore replicate and spread at a higher rate.

And while business owners might be aware of attacks that lock computers in exchange for a ransom payment – known as ransomware – some malware attacks are now just moving straight into obliterating data – no warning, no ransom. Just destruction.

Hackers are also coming up with new ways to bypass encryption, and they use online services like Dropbox or Google services to mask their activity. Not to mention the growth of connected devices, allowing hackers to infiltrate those devices and use them for nefarious purposes.

Gaining access to these devices means they can be used in DDOS attacks, flooding businesses with traffic to take them down. These types of attacks are “thriving” – Cisco’s words – because SMEs just aren’t protecting them with proper network security.

In fact, only 13% say they believe DDOS attacks through connected devices will be a major issue. Cisco points out another unforeseen consequence: “… organisations probably have many more vulnerable IoT devices in their IT environments that they don’t even know about.”

You don’t need to harbour secret information to be the target of a DDOS attack. Many businesses are targeted simply for existing.

There are plenty of standard methods to avoid these attacks, such as investing in security to identify DDOS threats early, and working with a DDOS specialist – but ultimately, the right choice of ISP and network provider will give the best peace of mind. They’ll be able to protect you in ways that you just can’t on your own.

The most effective attacks are still the smallest

Hackers are always coming up with new and better ways of infiltrating networks, and SMEs can be lured into a false sense of comfort by simply changing their passwords. But it’s the cost of disruption that should have SMEs worried.

Massive financial losses a reality for even small businesses. More than half of attacks now cost businesses more than $500,000 – enough to make a business close its doors for good.

Yet even though cyberattacks are becoming much more sophisticated, SMEs are still being hit by fairly rudimentary methods.

For instance, spam botnet activity is still high – and they often present themselves as regular email attachments one might find in an office. More than one third were in Microsoft Office formats like Word or Excel, and another 37% were presented as .zip or .jar extensions.

So many office workers would simply open these extensions without even realising what they are – assuming they could have only come from a trusted source. But that’s exactly how many businesses find themselves locked in by ransomware and other malicious material.

Plenty of businesses invest time and money in hardware and security teams, but don’t put in the work of training individual staff members to avoid these small attacks – which are often the cause of some of the biggest threats.

For instance, staff might know to look for a registered URL in an email, but they may not know many malware attacks are able to infiltrate inboxes and send emails from that address itself. Or, they use domains that appear very similar to real domains and only change one or two letters, giving a quick appearance of authenticity.

As Cisco itself says: “Phishing and spear phishing emails were at the root of some of the biggest, headline-grabbing breaches in recent years.”

How can this be prevented?

Even though the realm of cyberattacks seems overwhelming, there are three main ways businesses can protect themselves – even if they don’t have a security team.

1. Train your staff. Staff need to understand they are the first line of defence for simple attacks, so creating strong passwords, and avoiding suspicious emails is the first port of call. So many attacks can be prevented by starting here.
2. Change your thinking. Attacks aren’t just about hardware, they’re about culture. Start holding regular training on the latest security threats, and make sure everyone is aware about how to protect their information.
3. Make sure your data is protected. Regular back ups are a must, but remember to keep critical information stored separately and keep it encrypted, if necessary.

There’s also one final thing you can do…

It’s true that hardware isn’t a catch-all, but it can still be a huge benefit. After you’ve partnered with a trustworthy network provider, solutions like Cisco’s Meraki’s range can be a massive help in managing your network and preventing damage from attacks.

Using this type of tech can mean the difference between an attack that takes down your business, and one that’s merely an annoyance.