Why Cyber Hackers Target SMBs and What to Do About It

March 30, 2018

Cyber attacks on small and midsize businesses (SMBs) occur daily. More than half (55 percent) of companies with fewer than 1,000 employees have experienced a cyber attack, and 43 percent of all attacks target small businesses.

It’s clear all businesses need a strategy to protect themselves. Be it ransomware, DDoS (distributed denial of service), phishing or some other threat, any business that neglects its cybersecurity responsibilities is taking a huge risk. And the risk extends to the company’s customers, partners and suppliers.

The seriousness of the threat, however, isn’t always fully understood in the SMB sector. For instance, only 2 percent of small business owners in a CNBC/SurveyMonkey poll in April 2017 cited cyber threats as the most critical issue they face. While small businesses have other concerns, they mustn’t overlook cybersecurity.

Caldron of Threats

Hackers use multiple methods to target businesses, ransomware being the most common these days. Attackers use ransomware to lock up computers and then demand a ransom from the owners before they can regain access to their data.

Phishing is another common threat, often providing a gateway for ransomware infections. Phishing typically works by goading users into clicking an email attachment or URL containing a virus. It has become more and more sophisticated, as hackers target specific individuals with messages the recipients find hard to resist, such as fake overdue bills, requests to sign for deliveries and fake emails from senders known to the user.

Other threats businesses should keep an eye on:

Malvertising – Short for “malware advertising,” it consists of delivering malware to a network after a user clicks on an apparently legitimate ad. Identifying malvertising isn’t easy, although some advanced malware detection systems are getting better at it.

Clickjacking – Similar to malvertising, this practice involves hiding hyperlinks to compromised webpages in legitimate website links. Users then are asked to reveal personal data that hackers steal for nefarious purposes.

Drive-by downloads – This dirty trick downloads malware into networks, and often users don’t even realize it’s happening. Sometimes users have to respond to a pop-up window for the download to occur, but other times all you have to do is unwittingly visit a compromised website.

Why You?

Why are cybercriminals interested in SMBs? After all, small and medium companies do not have the resources and deep pockets of the enterprise.

Hackers target SMBs for several reasons. One is obvious: Any private data a company handles, such as Social Security numbers, medical records and payment card credentials, has a “street value” on the dark web. Cyber thieves steal the data and sell it to others who use it to access accounts and steal identities.

Sometimes cyber hackers are interested only in using a company’s computers and turning them into bots to perpetrate massive DDoS attacks. DDoS works by artificially generating enormous amounts of web traffic to disrupt service to a company or group of companies. The hijacked bots help generate the traffic.

Hackers also target SMBs because today’s businesses are digitally connected to each other to complete transactions and share information. Since larger companies presumably (although not necessarily) are tougher to penetrate, hackers target smaller partners as a way to get into the systems of large companies. This is what happened in the Target breach of 2014.

As for ransomware, it’s such a popular method of attack because it often succeeds, generating plenty of revenue for attackers. No one is immune from ransomware attacks, from individuals to SMBs to enterprises.

Setting Strategy

Understanding the threats and what cybercriminals are after is essential to building cybersecurity defenses. Knowing your enemies helps defeat them. In developing a cybersecurity strategy, here are some essential components:

Educate users – Countless phishing and ransomware attacks have proven that unaware or careless users can be a company’s biggest security risk. Businesses can turn users into the front line of defense by properly educating them on cyber threats.

Implement advanced tools – Businesses need tools that deliver endpoint protection, protect the network through firewalls and other methods, and perform threat analysis to keep their data safe. Cloud-based platforms that address multiple security layers are the easiest, most affordable path to cybersecurity for SMBs.

Invest in expertise – It’s hard to have a full grasp of cybersecurity without expert help. For smaller companies, working with a managed security services provider (MSSP) is the best bet, though even businesses with in-house experts can benefit from tapping a provider.

Don’t forget mobile – As computing becomes more mobile and cloud-based, companies must include mobile devices in their security strategies or risk leaving a door open to cyber attackers.

From the time you started reading this article, dozens of cyber attacks have been attempted around the world. One of them might have been against your business. That’s why you need a well-defined cybersecurity strategy.
