Ransomware targets Small and Medium-Sized Businesses

The latest Microsoft Digital Defense Report 2023 sheds light on the evolving landscape of ransomware attacks, revealing a startling trend: a significant portion of these attacks are now targeting smaller organizations. Between July and September 2022, approximately 70% of organizations that fell victim to human-operated ransomware had fewer than 500 employees. This trend underscores the growing vulnerability of small and medium-sized enterprises (SMEs) to sophisticated cyber threats.

The Threat to Unmanaged Devices

One of the primary factors contributing to the vulnerability of smaller organizations is the prevalence of unmanaged or bring-your-own devices (BYOD). These personal devices, used to access work-related systems and information, often lack the robust security controls and defenses found on managed corporate devices. Alarmingly, 80 to 90 percent of all compromises originate from these unmanaged devices, making them a prime target for cybercriminals.

Human-operated ransomware attacks are increasingly focusing on these less secure entry points. Once access is gained through an unmanaged device, attackers can move laterally within the network, exploiting vulnerabilities and escalating their privileges. This method allows them to bypass more traditional security measures and establish a foothold within the victim organization.

Exploiting Lesser-Known Vulnerabilities

Cybercriminals are also diversifying their attack vectors by exploiting vulnerabilities in less common software. This approach makes it more challenging for organizations to predict and defend against potential attacks. The Microsoft report highlights the importance of a holistic security strategy that encompasses all aspects of an organization’s IT environment, including less frequently used software.

The Impact on Various Industries

While critical infrastructure sectors have experienced a significant number of ransomware encounters, the threat is by no means limited to them. Cybercriminals have broadly attacked all sectors, with education and manufacturing being particularly notable targets. For example, attackers exploited a critical remote code execution vulnerability in the PaperCut server, widely used by educational institutions, to gain access and deploy ransomware.

The Necessity of a Comprehensive Security Approach

The findings from the Microsoft Digital Defense Report 2023 emphasize the need for a comprehensive and proactive approach to cybersecurity. Organizations, especially small and medium-sized ones, must prioritize the implementation of strong security controls across all devices, including unmanaged and BYOD. This includes:

1. Implementing Endpoint Detection and Response (EDR): Solutions that provide continuous monitoring and response capabilities can help detect and mitigate threats originating from unmanaged devices.
2. Regularly Updating and Patching Software: Ensuring that all software, including less commonly used applications, is up-to-date with the latest security patches can significantly reduce vulnerabilities.
3. Educating Employees: Continuous training and awareness programs can help employees recognize phishing attempts and other common tactics used by ransomware operators.
4. Adopting Zero Trust Principles: Implementing a Zero Trust security model, where verification is required from everyone trying to access resources, can help protect sensitive information and systems.

Conclusion

The rise in ransomware attacks targeting small and medium-sized organizations highlights the evolving tactics of cybercriminals and the pressing need for robust cybersecurity measures. By understanding the risks and taking proactive steps to secure all devices and software, organizations can better defend themselves against these relentless threats. The Microsoft Digital Defense Report 2023 serves as a crucial reminder that in today’s digital landscape, no organization, regardless of size, can afford to be complacent about cybersecurity.

• About
• Latest Posts

Follow me

Paul Bergman

CEO at Tracc Development, Inc.

Paul Bergman runs a business strategy and cybersecurity consulting company in San Diego. He is CEO of AMRAD. He also leads a mentoring non-profit in San Diego, Lamp of Learning. He writes on cybersecurity  and board management for both corporate and nonprofit boards.

Follow me

Latest posts by Paul Bergman (see all)

• Got an Unpatched iPhone? A Darksword Hangs Over It! – March 23, 2026
• When Trusted RMM Tools Become the Attacker’s Backdoor – January 27, 2026
• Microsoft Integrates Sysmon Into Windows 11 and Server 2025: Pros and Cons – November 24, 2025