The Top Cyber Threats Facing SMEs And How To Stay Protected
In the past few days, major retailers including Marks and Spencer and the Co-op have been hit by cyber attacks, causing huge disruption to their services and compromising customer data.
The Guardian reports that the criminals responsible have been identified by the National Crime Agency as Scattered Spider, and it is believed a form of ransomware called DragonForce was used. Ransomware is malicious software that encrypts files; the hacker then demands a sum in return for unlocking them and returning stolen data.
However, it is not just high-profile businesses that can be a target for hackers. Small to medium-sized enterprises (SMEs) can also be severely affected by cyberattacks, and with ever-evolving threats and limited resources, these can be devastating.
In fact, the government reports that 67 per cent of medium-sized businesses experienced a cyber attack in 2024. Here’s a look at some of the biggest threats to watch out for in 2025, and how our cyber security support services can help.
AI-enhanced phishing attacks
Phishing (using emails that mimic legitimate contacts to trick the recipient into clicking a malicious link or sending sensitive data) is already one of the most common methods of cyber attack. However, in 2025, hackers are using artificial intelligence (AI) to make these emails highly convincing.
The sophisticated software is even able to mimic the writing style and tone of the sender, and recreate graphics and logos down to the smallest detail. This means that the user assumes they are dealing with a trusted contact, because there is very little to raise suspicions.
How to minimise the threat of phishing:
- Hold regular training sessions so that all staff are aware of the threat, and encourage them to double check by contacting the sender through a different channel if they have any doubts.
- Implement multi-factor authentication (MFA) to add an extra layer of security.
- Install advanced email filtering tools with AI-based threat detection systems.
Cloud misconfigurations
Migrating to cloud-based services is a priority for many SMEs, as it can help to streamline operations and facilitate remote working and client communication. However, misconfigured settings can create weaknesses that will be exploited by hackers.
How to protect your business:
- Use a professional IT service to manage and configure your cloud infrastructure
- Always turn on security features such as multi-factor authentication and encryption
- Restrict access permissions to strictly necessary users and review them regularly
Ransomware-as-a-service (RaaS)
The Guardian reports that DragonForce, the malware used to hack Marks and Spencer, is a Ransomware-as-a-service (RaaS) operation. This means that the cybercriminals carrying out the attack use malware built by another group, which in return gets a share of any financial gain from the attack.
However, this threat does not just affect big name companies: in fact, it effectively throws open the doors to a much wider range of hackers. They do not have to rely on their own expertise to build malware, but can purchase or rent it on the dark web.
Therefore, SMEs should prepare for a sharp rise in this type of attack, which can involve paying out significant sums to release encrypted data or to avoid sensitive data being made publicly available.
How to protect your business from RaaS:
- Keep all systems and software updated so that any vulnerabilities are patched
- Install endpoint protection and 24/7 monitoring services
- Carry out regular backups and store critical data securely offsite
How a managed service provider can help
If you are an SME without a dedicated IT team, staying on top of cyber security threats can be extremely challenging. A managed service provider can monitor your systems proactively for any suspicious activity, and ensure that all software is kept up to date with the latest security tools and best practices.