
Cyberattacks against UK SMEs are extremely common, with between 43% and 50% of UK SMEs having experienced a cyberattack in the last 12 months. Attackers often use automated tools to identify weaknesses in IT systems and run attacks without any human involvement.
Understanding these risks can help SMEs plan appropriate security measures to avoid the costly financial and reputational results of a data breach, production shutdown, or ransomware attack.
Why Are UK SMEs Now Primary Targets?
Automated scanning tools target exposed systems with high-volume attacks. “Cybercrime-as-a-Service” (CaaS) provides attack kits on the dark web, and criminals can use them to scan thousands of IP addresses per hour, looking for exposed firewalls or unpatched servers through which to access company data. Ransomware gangs use these entry points to extort companies and often use SMEs to gain access to larger supply chains.

How Has Phishing Evolved Beyond Simple Emails?
Modern phishing methods bypass standard security measures by using proxies to defeat basic Multi-Factor Authentication (MFA).
- Traditional Phishing: Attackers send generic emails and rely on users clicking links to fake websites.
- Adversary-in-the-Middle (AiTM): Attackers position a proxy server between the user and a legitimate login page to capture passwords and session cookies. This method allows criminals access even with MFA enabled.
- Quishing: Attackers place malicious links in the QR codes that appear on parking meters or in emails. Users scan them with their personal smartphones, moving the activity to an unmanaged device.
It is important to protect your business from phishing attacks, and phishing-resistant hardware security keys that use the FIDO2 standard prevent unauthorised access.
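Why a FIDO2 login resists the AiTM proxy described above, as an added example (not from the original article or from Microbyte): the browser writes the origin it is really on into the signed response, and the login server rejects anything that does not match. The RP ID, origin, proxy host name and challenge values are assumed, and signature verification is left out to keep the sketch short.

```python
import base64
import hashlib
import json

# Assumed relying-party values for this sketch (not from the article).
RP_ID = "login.example.com"
EXPECTED_ORIGIN = "https://login.example.com"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_assertion(origin: str, rp_id: str, challenge: bytes) -> dict:
    """Constructed stand-in for what the browser and security key return."""
    client_data = json.dumps({
        "type": "webauthn.get",
        "challenge": b64url(challenge),
        "origin": origin,  # filled in by the browser from the page it is really on
    }).encode()
    # authenticatorData = SHA-256(rpId) || flags (UP|UV) || signature counter
    auth_data = hashlib.sha256(rp_id.encode()).digest() + b"\x05" + (1).to_bytes(4, "big")
    return {"clientDataJSON": client_data, "authenticatorData": auth_data}


def check_binding(assertion: dict, challenge: bytes) -> str:
    """Relying-party checks; returns 'ok' or the rejection reason.
    Signature verification is omitted here. The key's signature covers both fields,
    so a proxy cannot rewrite them in transit."""
    client = json.loads(assertion["clientDataJSON"])
    if client.get("type") != "webauthn.get":
        return "wrong type"
    if client.get("challenge") != b64url(challenge):
        return "challenge mismatch"
    if client.get("origin") != EXPECTED_ORIGIN:
        return "origin mismatch"
    if assertion["authenticatorData"][:32] != hashlib.sha256(RP_ID.encode()).digest():
        return "rpIdHash mismatch"
    return "ok"


def demo() -> dict:
    challenge = b"constructed-challenge-0001"
    return {
        "genuine": check_binding(make_assertion(EXPECTED_ORIGIN, RP_ID, challenge), challenge),
        # Victim is on a look-alike proxy host, so the browser records that origin.
        "proxied": check_binding(make_assertion("https://login.example.com.proxy.test", "proxy.test", challenge), challenge),
        "stale": check_binding(make_assertion(EXPECTED_ORIGIN, RP_ID, b"old-challenge"), challenge),
    }
```

Calling `demo()` shows the genuine login accepted and the proxied and stale responses rejected. A password or one-time code carries no such origin binding, which is why a proxy can relay it unchanged.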
What Is the Double Extortion Ransomware Threat?
Double extortion ransomware involves data theft and encryption, with attackers copying sensitive data, like financial records or employee information, before locking the system. Restoring from backups does not stop data leaks and attackers will threaten to publish the data on public sites, which triggers GDPR reporting requirements.
Immutable backups use Write-Once-Read-Many storage, which is locked for a set period. Administrators can’t delete the backups and ransomware scripts can’t alter them, so a clean recovery point remains available if files are encrypted.
Why Is Traditional Antivirus No Longer Sufficient?
Traditional antivirus applications rely on known file signatures but modern malware is often polymorphic, meaning the code changes with every infection to evade signature detection. “Fileless” attacks use legitimate system tools like PowerShell and don’t save malicious files to disk, so antivirus tools can’t detect these activities.
Managed Detection and Response (MDR) replaces traditional antivirus methods using Endpoint Detection and Response (EDR) technology to monitor system behaviour. MDR detects anomalies like rapid file encryption and isolates the device automatically, identifying threats that bypass preventative controls.
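A minimal version of the "rapid file encryption" behavioural signal described above, as an added example (not from the original article, Microbyte, or any EDR product): it flags a process that writes many distinct high-entropy files within a short window. The thresholds, process names, paths and payloads are constructed assumptions.

```python
import math
from collections import Counter, defaultdict, deque

# Assumed thresholds for this sketch; real EDR products tune and combine many signals.
WINDOW_S = 10       # sliding window, seconds
MIN_FILES = 5       # distinct high-entropy files per window before alerting
MIN_ENTROPY = 7.5   # bits per byte; ciphertext sits close to 8.0

# Constructed payloads: uniform bytes stand in for ciphertext, repeated text for a document.
CIPHER_LIKE = bytes(range(256)) * 8
TEXT_LIKE = b"Invoice 1042: total due in 30 days\n" * 64


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def detect(events):
    """events: (time_s, process, path, bytes_written) tuples in time order.
    Returns processes that wrote MIN_FILES+ distinct high-entropy files in one window."""
    recent = defaultdict(deque)  # process -> (time, path) of recent high-entropy writes
    flagged = set()
    for t, proc, path, data in events:
        if entropy(data) < MIN_ENTROPY:
            continue
        q = recent[proc]
        q.append((t, path))
        while t - q[0][0] > WINDOW_S:
            q.popleft()
        if len({p for _, p in q}) >= MIN_FILES:
            flagged.add(proc)  # an EDR agent would isolate the host at this point
    return flagged


def sample_events():
    # Constructed telemetry. Office app: frequent saves, but low-entropy content.
    ev = [(i * 0.5, "winword.exe", f"C:/docs/report{i}.docx", TEXT_LIKE) for i in range(8)]
    # Backup agent: high-entropy archives, but only one per minute.
    ev += [(i * 60.0, "backup.exe", f"D:/bak/set{i}.zip", CIPHER_LIKE) for i in range(6)]
    # Unknown process: twelve documents rewritten with ciphertext-like data in ~3 seconds.
    ev += [(20 + i * 0.3, "unknown.exe", f"C:/docs/file{i}.xlsx", CIPHER_LIKE) for i in range(12)]
    return sorted(ev, key=lambda e: e[0])


if __name__ == "__main__":
    print(detect(sample_events()))
```

Compressed archives are also high-entropy, so entropy alone would flag the backup agent; the rate and distinct-file thresholds are what separate it from bulk encryption.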
What Are the Risks of Supply Chains and MSP Vulnerabilities?
Supply chain attacks target third-party vendors by attacking software providers, or Managed Service Providers (MSPs), affecting all of their downstream clients. The Zellis payroll breach used a vulnerability in MOVEit software to expose data across many organisations. These attackers use trusted software updates to enter networks, so SMEs must audit their suppliers. Assessing fourth-party risk is also a governance requirement.
How Do Internal Practices Like Shadow IT Create Exposure?
Shadow IT refers to the use of unapproved software and devices, where employees use their personal accounts, like WhatsApp or Dropbox, for work. The data on these channels is outside corporate control, it isn’t backed up, and it isn’t scanned for malware.
WhatsApp usage also poses legal risks. The High Court ruling in FKJ v RVT established that WhatsApp messages on work devices are relevant evidence, and the Information Commissioner’s Office (ICO) tracks these compliance failures. Personal devices (BYOD) also introduce risk because malware on a personal laptop can steal corporate credentials. Understanding the risks of shadow IT helps companies regain control of their data.

What Regulatory Changes Must SMEs Prepare For?
New regulations increased IT compliance requirements in 2025, and two key updates are affecting UK businesses:
- The Willow Update: Cyber Essentials now includes all remote work devices in its scope, meaning home routers must now meet security standards.
- Legacy Authentication Blocking: Microsoft has blocked “Legacy Authentication” protocols including IMAP, POP, and SMTP. Older scanners often use these protocols and have stopped working without updates.
Businesses must upgrade to modern authentication to comply with regulatory requirements.
How Can Microbyte Help Secure Your Business?
Microbyte offers managed security services for SMEs. We provide Managed Detection and Response (MDR), deploy immutable backups, and fit within SME budgets.
Our NetAdmin provides network monitoring while our Virtual IT Director (vCIO) service assists with strategy, supporting Cyber Essentials and GDPR compliance. We also configure Azure Active Directory for access control. You can review cybersecurity basics for UK SMEs for more detailed information.
Conclusion
Modern cyber threats require active management because passive tools like antivirus are no longer sufficient. Ransomware and supply chain attacks disrupt operations, but using the correct controls manages these risks. Microbyte implements these controls for business owners, ensuring compliance and data security.
Take the next step: Contact Microbyte to schedule a detailed cybersecurity health check.





