A new report has found that the websites of small and medium-sized businesses (SMBs) in both Canada and the US are highly vulnerable to cyber exploits – and that the websites of Canadian SMBs are far more exposed to the risks than their US counterparts.
The “Small and Medium-Sized Businesses Vulnerabilities Report” of cybersecurity company CyberCatch scanned 20,000 randomly selected SMBs’ websites in the US and 1,850 in Canada. The SMBs whose websites were scanned belong to the following segments: defense contractors; manufacturers; shipping & transportation; technology companies; MSPs & ISPs; law firms; accounting firms; colleges and universities; medical practices; and dental practices.
According to the report, the SMB websites were especially vulnerable to three types of cyber exploits: spoofing, clickjacking, and sniffing. The report also stressed that the levels of the three vulnerabilities “were significantly higher in Canada for all 10 SMB types.”
Spoofing was defined by the report as a website or application that does not adequately verify the origin or authenticity of data, allowing attackers to send scripts to force the webserver to produce sensitive information such as usernames, passwords, or even the entire customer database. About 32.77% of US SMB websites were found to be vulnerable to this exploit, while a staggering 84.3% of Canadian SMB websites were more likely to be affected.
Clickjacking refers to an exploit wherein a threat actor inserts stylesheets, iframes, text boxes, or layers in a website. In the US, 27.94% of the surveyed SMB websites were vulnerable to clickjacking, while the figure jumped to 73.30% for Canadian SMB websites.
Meanwhile, sniffing attacks are cyber attack tactics that allow an attacker to view the transmission of unencrypted sensitive data in cleartext. Some 10.57% of US SMB websites were exposed to sniffing, while 26.81% of Canadian SMB websites were found to be at risk.
“SMBs across U.S. and Canada should scan their websites, software and web applications facing the Internet to make sure there are no vulnerabilities,” the report has recommended, adding that IT security managers should additionally implement a cybersecurity control to perform regular scans.
“SMBs have limited resources, lack cybersecurity knowledge and the how-to. They rely on their IT provider, but IT is not cybersecurity,” commented CyberCatch founder and CEO Sai Huda.
