2017 SME Cyber Threats

29 Dec 2016

2017 SME Cyber Threats

Despite their small size and the common misconception by SME owners that they are not at risk from cyber threats, the reality is very different. It is because of their size and smaller budgets that make them a popular target for criminals. So what are the threats to SMEs in 2017 likely to be?


As we have seen, 2016 was the Year of Ransomware and it is unlikely to change significantly next year. Enterprise-targeted ransomware attacks have become mainstream and will continue to be a major threat, while new methods of attack may include exploiting vulnerable web servers as an entry point to gain access into an organisation's network. Ransomware-as-a-service, custom ransomware for sale in dark markets, and creative derivatives from open-source ransomware code will also pose a significant threat. We also expect Mobile ransomware to continue to grow.

Internet of Things (IoT)

The IoT encompasses thousands of types of devices in every industry. IoT should be thought as networks of devices enabling and offering services, many of which are cloud-based. The threat is multifaceted; ranging from ransomware to cloud. IoT devices will also be useful attack vectors into control, surveillance, and information systems, as seen with the recent Mirai malware.

Cloud Services

During the past few years, the rapidly growing use of cloud services and an increase of new devices are challenging traditional methods of protecting everything digital. Increasing amounts of sensitive data and business-critical processes are shifting to public and hybrid clouds. Attackers are adapting to this shift and will seeks to attack cloud infrastructure.


Simple-but-effective Business Email Compromise (BEC) attacks will continue to grow, while we will begin to see more hard-hitting Business Process Compromise (BPC) attacks like the US$81-million Bangladesh Bank heist.

Third Parties

Third parties such as vendors and contractors pose a risk to companies. Most have no secure system or dedicated team in place to manage these third-party employees. High-profile breaches of US chains Wendy’s and Target illustrate how cyber criminals have become increasingly sophisticated.

General Data Protection Regulation

European adoption of the General Data Protection Regulation (GDPR) in 2018 will mean a change of processes to comply. They comprise:

Share this article


Your free global geopolitical
risk dashboard

PGI’s Risk Portal tool provides daily intelligence feeds, country threat assessments and analytical insights, enabling clients to track, understand and navigate geopolitical threats.

The Risk Portal gives users up-to-date information and analysis on global affairs.

The Risk Portal allows users to visualise information in a unique and instantly understandable way. Mapping filters enable the visualisation of incidents by threat category, time period, perpetrator and target type.

Risk Portal users can upgrade their accounts to include the Report Builder and Country Profile Generator features. The Report Builder allows users to select information, data and images from the Risk Portal and create bespoke reports and emails.

Subscribers to PGI’s Bespoke services receive tailored analysis on specific sectors and geographies of interest, delivered at a frequency they determine.

Visit the Risk Portal

Subscribe to our Cyber Bytes Newsletter

Keep yourself in the loop with PGI by signing up to our Monthly Cyber Bytes email. You will receive updates, tips and narrative around what has been happening in the world of information security.

Get in touch today

For more information on how we can help you or your business, please contact us via:

Related News

CISMP, CISSP and CISM - what's in an acronym?

20 Mar 2017

There is a wide range of different security courses available, and a mind-boggling array of certific...

Read news article

International Womens Day - Pioneering Women in Tec...

08 Mar 2017

Pioneering Women in Technology – Katherine JohnsonThe Oscar season has been and gone. The...

Read news article

Law Firms and why they need cyber security

06 Mar 2017

Suffering a data breach can be devastating for any company but for law firms the impacts can be part...

Read news article
Back to the News Hub

Follow us

+44 (0)207 887 2699
©2017 PGI - Protection Group International Ltd. All rights reserved.
PGI - Protection Group International Ltd is registered in England & Wales, reg. no. 07967865
Registered address: Cascades 1, 1190 Park Avenue, Aztec W, Almondsbury, Bristol BS32 4FP