Anatomy of a cyber-attack and why it matters to SMEs

15/09/2025

According to a new report from Vodafone Business, SMEs throughout the United Kingdom are incurring annual losses amounting to £3.4 billion, due to inadequate cybersecurity measures.

Cyber attacks

The most common cyber-attacks are where criminal groups want to make money out of your critical information, in other words information of high value or sensitivity. The two most common methods are:

  • ransomware where business information is made inaccessible (by encryption) to the business until a ransom is paid
  • the sale of stolen information on the black market.

Why SMEs are at risk

We imagine cyber attackers as teenagers in hoodies working from bedrooms. These do exist, but the majority are well-organised cyber-criminal groups, operating like businesses.

We often hear about targeted attacks against high-value organisations, such as FTSE 100 and government organisations, but there are plenty that don't hit the headlines. The vast majority of attacks are not targeted: they are automated and opportunistic. In other words, any business is at risk.

The table below lists the most commonly seen tactics.

Use of cloud services

If you are using one of the leading cloud applications for your sector, you will have less to worry about. However, you must still think about the information you hold locally and bear in mind that all cloud services adopt what is known as the "shared responsibility model" for information security. The vendor will take on some aspects of cyber security, but you will always remain responsible for your data and business information. 

Reducing risk

The Government's National Cyber Security Centre (NCSC) has produced useful guidance for business. It provides a range of guidance and easy tips for small businesses on areas such as phishing, malware, and leaked or guessed passwords. Of course it is very general and does not focus on your specific areas of risk but can provide a useful starting point. 

It should also be borne in mind that the threat landscape is constantly evolving. We have seen a huge increase in remote working, widespread adoption of cloud services, and of course the emerging usage of generative AI. Further more the security requirements of each sector are going to be different - a manufacturing company may have challenges around securing its OT whereas businesses with a large mobile workforce may be more concerned with securing remote access.

CyberSolver can help you identify your critical risks and ensure you are using cloud services securely.