惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

N
Netflix TechBlog - Medium
罗磊的独立博客
H
Help Net Security
I
Intezer
G
Google Developers Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
T
Troy Hunt's Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
U
Unit 42
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
N
News and Events Feed by Topic
J
Java Code Geeks
S
Security Affairs
T
The Blog of Author Tim Ferriss
Recent Commits to openclaw:main
Recent Commits to openclaw:main
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
D
Docker
The GitHub Blog
The GitHub Blog
F
Full Disclosure
N
News and Events Feed by Topic
Webroot Blog
Webroot Blog
S
Security @ Cisco Blogs
腾讯CDC
人人都是产品经理
人人都是产品经理
M
MIT News - Artificial intelligence
Blog — PlanetScale
Blog — PlanetScale
T
Threatpost
D
DataBreaches.Net
Recent Announcements
Recent Announcements
博客园 - 三生石上(FineUI控件)
MongoDB | Blog
MongoDB | Blog
博客园 - 【当耐特】
L
LINUX DO - 最新话题
Google Online Security Blog
Google Online Security Blog
S
Schneier on Security
S
Securelist
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Help Net Security
Help Net Security
P
Proofpoint News Feed
Project Zero
Project Zero
S
SegmentFault 最新的问题
H
Hackread – Cybersecurity News, Data Breaches, AI and More
MyScale Blog
MyScale Blog
Google DeepMind News
Google DeepMind News
宝玉的分享
宝玉的分享
Y
Y Combinator Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
博客园 - 叶小钗

WeLiveSecurity

Recovery scammers hit you when you’re down: Here’s how to avoid a ‘second strike’ As breakout time accelerates, prevention-first cybersecurity takes center stage Digital assets after death: Managing risks to your loved one’s digital estate This month in security with Tony Anscombe – March 2026 edition RSAC 2026 wrap-up – Week in security with Tony Anscombe A cunning predator: How Silver Fox preys on Japanese firms this tax season Virtual machines, virtually everywhere – but not all protected Cloud workload security: Mind the gaps Move fast and save things: A quick guide to recovering a hacked account EDR killers explained: Beyond the drivers Face value: What it takes to fool facial recognition Cyber fallout from the Iran war: What to have on your radar Sednit reloaded: Back in the trenches What cybersecurity actually does for your business How SMBs use threat research and MDR to build a defensive edge Protecting education: How MDR can tip the balance in favor of schools This month in security with Tony Anscombe – February 2026 edition Mobile app permissions (still) matter more than you may think Faking it on the phone: How to tell if a voice call is AI or not PromptSpy ushers in the era of Android threats using GenAI Is Poshmark safe? How to buy and sell without getting scammed Is it OK to let your children post selfies online? Naming and shaming: How ransomware groups tighten the screws on victims Taxing times: Top IRS scams to look out for in 2026 OfferUp scammers are out in force: Here’s what you should know A slippery slope: Beware of Winter Olympics scams and other cyberthreats This month in security with Tony Anscombe – January 2026 edition DynoWiper update: Technical analysis and attribution Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan Drowning in spam or scam emails lately? Here’s why ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025 Children and chatbots: What parents should know Common Apple Pay scams, and how to stay safe Old habits die hard: 2025’s most common passwords were as predictable as ever Why LinkedIn is a hunting ground for threat actors – and how to protect yourself Is it time for internet services to adopt identity verification? Your information is on the dark web. What happens next? Credential stuffing: What it is and how to protect yourself This month in security with Tony Anscombe – December 2025 edition A brush with online fraud: What are brushing scams and how do I stay safe? Revisiting CVE‑2025‑50165: A critical flaw in Windows Imaging Component LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan ESET Threat Report H2 2025 Black Hat Europe 2025: Was that device designed to be on the internet at all? Black Hat Europe 2025: Reputation is currency – even in the ransomware economy Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity Seeking symmetry during ATT&CK® season: How to harness today’s diverse analyst and tester landscape to paint a security masterpiece The biggest catch: How whaling attacks target top executives Phishing, privileges and passwords: Why identity is critical to improving cybersecurity posture MuddyWater: Snakes by the riverbank Oversharing is not caring: What’s at stake if your employees post too much online This month in security with Tony Anscombe – November 2025 edition What parents should know to protect their children from doxxing Influencers in the crosshairs: How cybercriminals are targeting content creators MDR is the answer – now, what’s the question? The OSINT playbook: Find your weak spots before attackers do PlushDaemon compromises network devices for adversary-in-the-middle attacks What if your romantic AI chatbot can’t keep a secret? Can password managers get hacked? Here’s what to know Why shadow AI could be your biggest security blind spot In memoriam: David Harley The who, where, and how of APT attacks in Q2 2025–Q3 2025 ESET APT Activity Report Q2 2025–Q3 2025 Sharing is scaring: The WhatsApp screen-sharing scam you didn’t see coming How social engineering really works | Unlocked 403 cybersecurity podcast (S2E6) Ground zero: 5 things to do after discovering a cyberattack This month in security with Tony Anscombe – October 2025 edition Fraud prevention: How to help older family members avoid scams Cybersecurity Awareness Month 2025: When seeing isn't believing Recruitment red flags: Can you spot a spy posing as a job seeker? How MDR can give MSPs the edge in a competitive market Cybersecurity Awareness Month 2025: Cyber risk thrives in the shadows Gotta fly: Lazarus targets the UAV sector SnakeStealer: How it preys on personal data – and how to stay safe Cybersecurity Awareness Month 2025: Building resilience against ransomware Minecraft mods: When ‘hacking’ your game becomes a security risk IT service desks: The security blind spot that may put your business at risk Cybersecurity Awareness Month 2025: Why software patching matters more than ever AI-aided malvertising: How chatbots can help spread scams How Uber seems to know where you are – even with restricted location permissions Cybersecurity Awareness Month 2025: Passwords alone are not enough The case for cybersecurity: Why successful businesses are built on protection Beware of threats lurking in booby-trapped PDF files Manufacturing under fire: Strengthening cyber-defenses amid surging threats New spyware campaigns target privacy-conscious Android users in the UAE Cybersecurity Awareness Month 2025: Knowledge is power This month in security with Tony Anscombe – September 2025 edition Roblox executors: It’s all fun and games until someone gets hacked DeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception Watch out for SVG files booby-trapped with malware Gamaredon X Turla collab Small business, big risk: How SMBs can fight back against ransomware HybridPetya: A Petya/NotPetya copycat comes with a twist Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass Are cybercriminals hacking your systems – or just logging in? Preventing business disruption and building cyber-resilience with MDR Under lock and key: Safeguarding business data with encryption GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes This month in security with Tony Anscombe – August 2025 edition Don’t let “back to school” become “back to bullying”
SMB cyber-readiness: What makes or breaks it
Tomáš Foltýn · 2026-06-10 · via WeLiveSecurity

“Fix the roof while the sun is shining.”

– proverb

Cybersecurity has a familiar way of saying the storm will come: “a breach is a matter of when, not if.” While the industry’s sternest maxim has probably never been more true, it sometimes feels as though it’s also lost some of its edge over the years. Everyone agrees that there could be a ‘cloud on the horizon,’ but is it enough to get them to  draft or review their IT contingency plan? Put differently, will the organizations commit to a level of operational pain that they can endure while under attack?

To be sure, a cyber-incident won’t give anyone a date by which to prepare. Organizations can only assume that it’s coming – eventually, in some form, and from some direction. But that realization alone clearly doesn’t prepare them to withstand the attack. Any kind of warning only counts when it spurs action, and the companies with the best odds of walking away standing are the ones that used the calm hours to gain a clear-eyed view of the key risks – and to prepare as though the date were fixed.

Gaps and gaping holes

The ESET SMB Cyber Readiness Index 2026 set out to measure the gap between how often SMBs end up in attackers’ crosshairs and how confidently they think they can absorb the hit. Surveying 4,400 decision-makers in the United States, Canada, Europe, the Middle East, and Japan, the report found that 45% of small and medium-sized businesses (SMBs) recorded at least one cyber-incident in the trailing twelve months. 

An even more interesting finding is what happens to confidence after an actual incident. Globally, 75% of the respondents describe themselves as either very or slightly confident in their resilience, rising to 81% among those who have already been exposed to more than one incident. In the US and Canada, the confidence is even higher: 86% among all respondents and 91% among the cohort that has been breached more than once.

Figure 1. Confidence in cyber-resilience
Figure 1. Confidence in cyber-resilience

In other words, confidence seems to rise with incident frequency, not despite it. Have the repeat victims come to view their brushes with cyber-incidents as proof of “what doesn’t kill me makes me stronger”? Or have they made peace with breaches as part of doing business? Probably neither – the survey found that many SMBs have become more prepared, helped along by insurance requirements, compliance pressure, and better cybersecurity awareness training.

Still, the same data also points to a stubborn gap between feeling ready and having the basic precautions in place. So, an attack that doesn’t take an organization out of business can indeed make it stronger – provided the organization learns the right lessons, of course. On the other hand, the attack can also leave it weaker and less capable of avoiding expensive penance in the future. Here's where additional insights from the report can help.

How most incidents actually start

When it comes to root causes of cyber-incidents, ESET’s data points at the less ‘flashy’ categories: phishing (26%), unpatched vulnerabilities (23%), monitoring gaps (22%) and weak passwords (20%). These are the categories that have for years required most attention, but in people’s minds they’re often displaced by whichever threat dominates the news headlines. For all the talk around AI, automation and attacker sophistication, many SMB breaches still begin with a familiar opening.

This disconnect shows up in what SMBs fear: AI-powered malware is the most-cited threat concern globally (31%), ahead of ransomware and other malware (29%) and phishing (26%). Michal Jankech, ESET Vice President of Enterprise, SMB & MSP, puts it plainly: “We’ve found SMBs’ concerns are often shaped by headlines on emerging threats like AI-driven attacks, while more routine risks – phishing, unpatched vulnerabilities and lack of monitoring – are underestimated. This hints that many respondents misperceive their security posture and resilience.”

Figure 2. Most-feared threats
Figure 2. Most-feared threats

Meanwhile, Verizon’s 2026 Data Breach Investigations Report (DBIR) records the inverse priority from the attacker’s side: only 2.5% of AI-assisted malware functions used rare or novel techniques. DBIR’s other findings also point in the same direction: for the first time in the report's nineteen-year history, exploitation of vulnerabilities has overtaken stolen credentials as the leading initial access vector (31% of breaches) while the median time-to-patch grew from 32 to 43 days year on year. When it came to the specific actions affecting SMBs, ransomware, stolen credentials and exploited vulnerabilities appeared at the top again.

The golden hour

Emergency medicine calls the equivalent window the ‘golden hour,’ the period in which the speed of response determines whether damage is reversible. In cybersecurity, the choices are equal parts technical and procedural. Stopping the spread of an ‘infection’ often requires knowing the drill, including when it involves trading a guaranteed self-inflicted outage now to avoid a worse one later. Whoever can take or authorize the decision – say, kill a production database or take payments offline – needs to be reachable in minutes.

Ransomware – a threat consistently looming large on organizations of all sizes but disproportionately targeting SMBs – also thrusts itself into the conversation early. The median ransom payment now sits at $140,000, according to DBIR, and 69% of victims refuse to pay. On this note, ESET’s contingency guidance and most law enforcement is blunt on the point: don’t pay.

Another clock starts at the same time. Under GDPR, for example, a personal data breach triggers a 72-hour notification window to the supervisory authority, regardless of whether the investigation is wrapped up. Logs and other evidence have to be gathered in parallel, because cyber-insurers and law enforcement will ask for them, and whatever isn’t preserved in the first hours may be impossible to recover later.

Why preparation is the answer

Major incident-response frameworks, NIST’s SP 800-61, ISO/IEC 27035-1 and the NCSC’s Cyber Assessment Framework (CAF), front-load preparation by treating incident response as a continuous risk management activity. But expectation – the belief that the hour will come – isn’t the same as preparation, of course. The latter is the conscious decision that, if/when the hour does come, the company will already know how to address the burning questions promptly and can continue to function despite setbacks, which itself an ability that is the core of true cyber resilience.

To be sure, the right answers vary by sector: a manufacturing plant treats availability as close to paramount as possible, because downtime bleeds money by the minute; meanwhile, a hospital, where the wrong shutdown can cost a life, may need to make a different calculus. Either way, the decisions about who has the authority to shut down a revenue-generating environment or which services can come back first belong in the calm hours, not only after ‘all hell breaks loose.’

Today’s attack surface is broad, often too broad, and real preparation requires the organization to shrink the number of available openings. IT environments are known to accumulate operational fat, such as unsupported legacy systems, undocumented APIs or forgotten virtual machines, that isn’t always easy to shed. However, organizations need to get in the habit of minimizing their internet-facing footprint, as it’s impossible to defend an asset or patch a vulnerability that the IT team doesn’t know exists.

Supply-chain integrations create their own kind of sprawl, with no clear owner and an excessive permissions footprint. ESET’s report puts a number on the cost: 21% of SMBs name integration complexity as their second-biggest barrier to improvement – just behind, you guessed it, budget. According to DBIR, third-party involvement now sits at 48% of all breaches, up 60% year on year.

Meanwhile, discipline is increasingly arriving from outside. A total of 71% of SMBs globally now carry cyber insurance, rising to 84% in North America, with adoption climbing sharply among repeat victims. More than half of insured firms with multiple incident histories – 55% worldwide, 71% in North America – have specific controls written into their coverage: MFA, identity and access management, EDR or MDR. Only 31% of SMBs believe insurance alone is a sufficient defense, and 67% globally name single-vendor monoculture as a concern.

Once the dust has settled

The post-incident review is the place for questions, including the ugly ones about precautions that weren’t taken and recovery measures that were assumed to be fine but hadn’t been tested. Organizations shouldn’t default to the version in which the attackers were unusually skilled. Sometimes they are, but often the reality is more mundane.

While “when, not if” has never been more true, that alone doesn’t prepare a business for adversity. A warning only becomes useful when it changes what happens before it ‘comes due.’ The roof is easier to fix before the rain starts.