Page 1 of 7
Advances in Social Sciences Research Journal – Vol. 11, No. 10
Publication Date: October 25, 2024
DOI:10.14738/assrj.1110.17724.
Hossain, N., & Hasan, M. (2024). The Impacts of Cyberattack on SMEs in the USA and Way to Accelerate Cybersecurity. Advances in
Social Sciences Research Journal, 11(10). 197-203.
Services for Science and Education – United Kingdom
The Impacts of Cyberattack on SMEs in the USA and Way to
Accelerate Cybersecurity
Nazmul Hossain
Peoples' Friendship University of Russia
name after Patrice Lumumba
Mahmud Hasan
ECPI University, Virginia, USA
ABSTRACT
We are at the 4th industrial revolution called industry 4.0. The world is turning from
digitalization to automation. Technological advancement and adoption and
utilization of changing pattern of technology is gaining the gear at all social,
political, diplomatic, economic and commercial spheres including SMEs.
Technological advancement is bringing speed, innovation and sophistication of
products and services in SMEs in one hand and on the other hand, cyber hacking
and various and changing pattern of cybercrimes are hampering the growth and
development. The aim of the study is to analysis the impacts of cyberattacks on
SME’s productivity, growth and development in USA and potential way to accelerate
the cyber security in the area. The study is mainly based on secondary sources of
data including journals, research publications, scholarly articles, thesis papers etc.
The finding of the study revealed that Banking and finance, healthcare, small
manufacturing firms, retailers and E-commerce, public transport and
infrastructure with less than 500 employees are the most vulnerable sectors for the
Cyber-attack in the USA. The most commonly practiced cyberattacks are Phishing
attacks, Ransomware, Malware, DDoS attacks, MitM etc. The Study suggests a
number of cyber security measures including employee awareness and training
program, creation of security policy and practice, know how to distinguish between
fake antivirus offer and real notification and protect OT-IT system to prevent the
damage.
Keywords: SMEs, Cyberattacks, Cybersecurity, Financial impacts, Artificial Intelligence.
INTRODUCTION
In the science and technology based current digital-driven economic arena, cyber-attack
emerges as a widespread threat for the business of all sizes. It’s become more devastating for
the SMEs than their largescale business counterpart (Babiceanu and Seker 2019; Choo 2011).
The SMEs are increasingly being attacked in recent years as they are with limited resources and
capabilities to take effective and sufficient measures in timely manner.
In the USA, SMEs faced 350% more social engineering attack than their largescale business
counterparts in 2021. A 2024 survey found that 60% of SMEs view cyberthreats including
phishing and ransomware as their biggest challenge, ahead of supply chain issues and potential
pandemics. The impact of cyber crime and its level is increasing gradually due to business’s
Page 2 of 7
198
Advances in Social Sciences Research Journal (ASSRJ) Vol. 11, Issue 10, October-2024
Services for Science and Education – United Kingdom
technology and online platform (Corllo et al., 2020; Deloitte, 2020). Cyberattack encompasses
a range of activities ranging from hacking and data breaches to social engineering and
ransomware attacks.
The study mainly focuses on examining the phenomenon of cyberattacks commonly affecting
the SMEs in the USA drawing upon a comprehensive US database and suggest a number of
effective measures to bring a potential breakthrough.
THE MOST CYBERATTACKS AFFECTING SMES IN THE USA
Cyberattacks have become one of the most significant concerns for small and medium-sized
enterprises (SMEs) in the USA. A 2024 survey found that 60% of SMEs view cyber threats,
including phishing and ransomware, as their biggest challenge, ahead of supply chain issues
and potential pandemics (StrongDM). SMEs are particularly vulnerable to these attacks due to
limited resources in cybersecurity (U.S. Chamber of Commerce).
Additionally, with the rise in targeted attacks on small businesses, 47% of cyber breaches in the
past year impacted businesses with fewer than 500 employees (StrongDM)(BDO). The most
cyberattacks affecting SMEs in the USA are:
• Phishing Attacks: Phishing remains a major threat, with attackers sending deceptive
emails to employees, tricking them into revealing sensitive information like login
credentials. SMEs are highly vulnerable due to a lack of advanced email filtering systems
and employee training (U.S. Chamber of Commerce) (BDO).
• Ransomware: Ransomware attacks are particularly damaging for SMEs, encrypting
critical business data and demanding a ransom. Without strong backups or
cybersecurity defenses, SMEs are often forced to pay the ransom to regain access,
resulting in financial strain and loss of trust (StrongDM).
• Malware: Malware attacks are often used to infect a company's network via malicious
software delivered through emails or compromised websites. Once installed, malware
can steal sensitive data, spy on company activities, or disrupt operations entirely (BDO).
• DDoS Attacks: Distributed Denial of Service (DDoS) attacks overwhelm SME servers
with traffic, causing service disruptions and loss of business. These attacks are relatively
simple to execute but can have devastating effects on a small business’s operational
capacity and customer satisfaction (StrongDM).
• Man-in-the-Middle (MitM) Attacks: In these attacks, an attacker intercepts
communication between two parties, typically over unsecured networks, to steal data
or impersonate one of the parties. SMEs may lack the network security protocols
necessary to detect and prevent these attacks (U.S. Chamber of Commerce).
• Insider Threats: Insider threats occur when a current or former employee intentionally
or unintentionally compromises security by providing access to malicious actors or
leaking sensitive information. SMEs often struggle to implement robust access control
measures, making them vulnerable to this form of attack (BDO)(StrongDM).
These types of attacks highlight the importance of investing in cybersecurity for SMEs, as they
are increasingly becoming targets of sophisticated cybercriminals due to their often-limited
security infrastructure.
Page 3 of 7
199
Hossain, N., & Hasan, M. (2024). The Impacts of Cyberattack on SMEs in the USA and Way to Accelerate Cybersecurity. Advances in Social Sciences
Research Journal, 11(10). 197-203.
URL: http://dx.doi.org/10.14738/assrj.1110.17724
TYPES OF SMES COMMONLY TARGETED BY CYBERATTACKS
Small and medium-sized enterprises (SMEs) are increasingly targeted by cybercriminals due to
their limited cybersecurity defenses and the sensitive data they handle. Financial institutions,
for example, manage personal banking data, making them vulnerable to phishing and
ransomware attacks (Cyber Defense Magazine). Healthcare providers experience an average of
1,684 attacks per week, with ransomware being particularly disruptive (World Economic
Forum) (ClearDATA). In sectors like manufacturing and transportation, cyberattacks exploit
operational technology systems, causing widespread supply chain disruptions (Industrial
Cyber). E-commerce SMEs face significant risks from data breaches and phishing
(BigCommerce). Here’s some SMEs commonly targeted by cyberattackers:
• Financial Institutions (e.g., Banks): SMEs in the financial sector are prime targets for
cyberattacks due to the sensitive data they manage, including personal banking
information and financial transactions. These businesses often experience attacks such
as phishing and ransomware, which can severely disrupt operations and lead to
significant financial losses. Continuous security measures and training are essential to
protect against evolving threats like ransomware and phishing (Cyber Defense
Magazine).
• Healthcare Providers: Healthcare-related SMEs are highly targeted by cyberattacks
due to the sensitive personal and medical data they hold. In 2023, healthcare ranked as
the third most attacked sector, with an alarming average of 1,684 attacks per week.
Ransomware is particularly disruptive, often crippling healthcare services and risking
patient safety. Implementing zero-trust security models is critical to safeguarding these
organizations (World Economic Forum) (ClearDATA)(American Council on Science and
Health).
• Small Manufacturing Firms: Manufacturing SMEs are vulnerable to cyberattacks,
especially in sectors like transportation, due to their reliance on operational technology
(OT) systems. These attacks, including ransomware, target the interconnectivity
between OT and IT systems. As these systems are increasingly digitized, the risks grow.
Addressing these vulnerabilities requires collaboration between government bodies,
industries, and cybersecurity experts. Strategies like network segmentation, real-time
monitoring, and robust access controls are crucial to mitigate these threats (Industrial
Cyber).
• Retailers and E-commerce SMEs: E-commerce SMEs face significant risks from
cyberattacks, including data breaches, phishing, and malware. These businesses handle
sensitive customer information, such as credit card details, making them prime targets
for cybercriminals. Large-scale breaches in recent years, such as those at Target and
Home Depot, highlight the importance of robust security measures for all online
retailers (BigCommerce).
• Public Transport and Infrastructure SMEs: SMEs involved in public transportation
and critical infrastructure are increasingly at risk due to their reliance on digital
systems. Cyberattacks targeting these sectors, especially Distributed Denial of Service
(DDoS) attacks, can cause significant operational disruptions. With the digitalization of
transport systems, stronger cybersecurity measures are urgently needed to protect
these vital services (World Economic Forum).