GlobalSign Blog

Why Cyber Criminals Keep Winning Against SMEs

Once again, more high-profile security incidents have washed back onto our news feeds. The common denominator? Scattered Spider. After hitting major UK retailers in April 2025, they seem to have struck again in almost as many months. This attack group seems to be finding particular success working its way through as many industries and sectors as it can hit consecutively.

Following success in hitting major retailers, they moved onto the insurance market, stealing critical datasets from a top insurance provider before potentially being the group behind a late-June attack on a major airline.

From retail, to insurance, to aviation – it raises the question, who could be next?

The answer could be that they may look to move to a smaller, but more lucrative game – Small and Medium Enterprises (SMEs).

The evolution of digital threat tactics over recent years has meant that Scattered Spider’s ability to bounce from one attack to the next is nothing unique – attacks are becoming quicker, more scaled and more efficiently targeted.

This isn’t just bad news for household names – it’s bad news for everyone. Whilst it was major names like these that occupied the headlines, SMEs are just as vulnerable, if not more so!
SMEs are increasingly being caught in the crossfire of cyber-attacks and stand the most to lose from a successful breach or security incident.

While large enterprises are traditionally considered big game for cyber gangs, SMEs have since proven to be a much more bountiful prey. Microsoft’s 2023 Digital Defense Report shows that SMEs now account for 90% of all ransomware attacks.

“80 to 90% of all ransomware targets are against SMEs, and that's an SME when we're talking less than 500 employees. And the average amount of that ransom is around €350,000.” -  Sarah Armstrong-Smith, Microsoft Chief Security Advisor for EMEA

This growing trend in targeting SMEs for exploitation is alarming to say the least. So, why are SMEs a growing target for attackers, and most importantly, how can they protect themselves and their customers?

Why Are Cybercriminals Targeting SMEs More?

The answer to this lies in the vulnerability of SMEs paired with the potential opportunities to be exploited by threat actors. 

While large enterprises tend to have greater resources to assign to their cybersecurity infrastructure, SMEs do not have the same resources or budgets needed to strengthen their security posture, or recover from attacks when they happen, presenting would-be attackers with far fewer obstacles to bypass.

Threat actors are turning their attention from big tech firms and multinational corporations to smaller organizations who present as much easier targets and where the chances of success are higher.

To add further to the incentive to go after smaller targets, SMEs, due to the lack of resources, will be more likely to pay a ransom when presented with one. 

While larger enterprises will have resources set aside for back-up and recovery responses, SMEs will conversely be much more limited in their recovery options and may feel that they have no choice but to comply in order to save their data and keep operations running. 

The most detrimental factor here, however, is not lack of resources, but a lack of awareness. Many SMEs have not yet realized that they have a target on their backs. As a result, small and medium businesses are facing an enemy unprepared and unarmed, when they should be planning and, where they can, investing.

“Everyone and everybody is a target. One of the key myths I hear a lot when it comes to SMEs is that I'm too small to be a target.” – Sarah Armstrong-Smith, Microsoft Chief Security Advisor for EMEA

Less is More: Balancing Budgets with Security

Limited resources pose a challenge for SMEs, but when leveraged in a strategic way, not only can they be overcome, but they can be turned into a competitive advantage. SMEs are just one part of a rich digital ecosystem – one that they can use to their benefit.

Even for smaller businesses with limited resources, there are strategies that SMEs can use to strengthen their security and have a considerable impact on their wider business.

Software as a Service and Out-of-the-Box Solutions

Every business has a unique use case for their security requirements, but that doesn't mean that they need to build their environment or solutions from scratch. Businesses can reduce the burden of everyday security requirements by allying themselves with providers who can offer solutions with built-in security features, such as cloud service providers with built-in Multi-Factor Authentication, security controls, automation and encryption features as standard. The cost of solutions like these is minuscule compared to that of in-house development and can be the difference between a major breach and a minor security incident.

Leveraging the Right Expertise

By allying themselves with a partner which has strong expertise and security practices, SMEs can ensure that they acquire the right solutions, offload some of their security burdens and demonstrate their brand’s commitment to trust and security. Learning to lean on peers and partners is a skill that SMEs must come to embrace, especially as shrinking certificate lifespans will make it unsustainable to maintain SSL/TLS certificates manually, which may lead to the neglect of other necessary security processes. Thoughtful partnerships allow SMEs to scale more effectively and make smarter investments in cybersecurity.

Data Recovery and Incident Response Planning

All businesses, regardless of size, must accept the likelihood of a breach at some point in the future, and take preventative measures to remediate it. This means creating risk and vulnerability assessments and developing a detailed incident response plan. Implementing tools like Data Loss Prevention (DLP) software can help SMEs monitor and protect sensitive information, prevent unauthorized sharing, and ensure compliance with data protection regulations. SME cybersecurity must leverage a combination of proactive and reactive strategies and tools to keep up with their peers and ahead of attackers, including thinking of their very worst-case scenario well before it can happen.

This approach enables SMEs to be prepared and stay ahead. But even with these tools, SMEs, like all organizations, must still ensure that the responsibility for their data protection and data usage stays with them. 

Meeting Modern Security Challenges: What About AI?

SMEs might also be tempted to begin experimenting with Artificial Intelligence (AI) as a means to redistribute resources and optimize their security further. And they’re not wrong. When used thoughtfully and effectively, AI can offer extensive benefits, but its adoption must be approached with caution. The effectiveness of AI depends heavily on the use case and the organization’s readiness to manage associated risks.

The potential uses of AI in security, as with any other tool, depend on the organization’s use case, and additionally, their ability to manage its inherent risk. SMEs must evaluate their specific use cases and assess whether they have the infrastructure and expertise to support AI securely, taking into consideration what data it will be used with and the areas in which it will be applied. Once organizations are aware of their gaps, strengths, and potential vulnerabilities, then it’s a good idea to begin testing before investing.

AI can be a useful tool, however, when it is embedded into an organization’s security framework to expose and identify security gaps such as vulnerabilities in access controls, data policies and user behavior, while also auditing what a business does have at its disposal.

Organizations do need to instill a future-proof approach to its implementation. Transparency and accountability are key for developing trust, and it’s important for SMEs to be transparent about how they are using their AI both internally and externally. 

What Can SMEs Learn From Larger Enterprises?

Businesses don’t need infinite IT budgets and security resources in order to keep up with the digital security challenges of today, but they may need to redefine their approach to security.

For this, there are some valuable lessons that SMEs can take from large enterprises. 

  • Preparedness is key, both to avoiding a breach and withstanding one. In many cases, the reputational damage from a breach is determined not by the incident itself, but by how well the organization responds.
  • SMEs should adopt a mindset that assumes that an attack or incident is not a matter of “if,” but “when” and adopt a combination of proactive and reactive strategies. Building trust requires ongoing communication, collaboration, and a culture of security that permeates every aspect of any business.
  • Communication is also a key part of any cybersecurity strategy. SMEs can answer today’s challenges by collaborating with their connections within the industry to create a culture of trust and security throughout the digital ecosystem.
  • Having a clear, transparent incident response plan - communicated both internally and externally - can make all the difference, if businesses can demonstrate that they acted swiftly and with integrity.

The rise in cyberattacks against SMEs should be a wake-up call. Smaller organizations are becoming more vulnerable. If they are going to protect themselves, SMEs must ask: what are they trying to protect? 

Some may respond with answers like “technology”, or “data”. But that wouldn’t be the whole truth. These things only have any real value because of the people whom they connect. For this reason, people must be at the heart of every cybersecurity strategy, regardless of size. Building and protecting a business must be rooted in trust and transparency.

“It's not the fact that you've had an incident which is necessarily the problem; it's how you handle it, and that's probably what you're going to be remembered for.” - Sarah Armstrong-Smith, Microsoft Chief Security Advisor for EMEA

By embedding security, privacy, and resilience into the very fabric of their operations through meaningful partnerships, preparation, and adaptation, SMEs can not only defend themselves but contribute to a rich trust ecosystem.

Let’s secure your future, together.

At GlobalSign, we help SMEs embed trust at the core of their operations. Contact us today to discuss how we can support your business with robust, scalable security solutions tailored to your needs.
