SK shieldus recently revealed that nearly 90 percent of ransomware attacks reported in South Korea over the past five years have targeted small and medium-sized enterprises (SMEs).
In recognition of Small and Medium Enterprise Week, the cybersecurity firm conducted an in-depth analysis of cyberattack trends and incident response patterns. This study was based on infringement cases handled by its specialized response team, Top-CERT, between 2021 and 2025.
Data from the Korea Internet & Security Agency (KISA) supports these findings, indicating that SMEs were victims in 89.4 percent of all ransomware attack reports during the analyzed period.
SK shieldus’s investigation pinpointed ransomware as the predominant cyber threat to SMEs, accounting for a significant 44.9 percent of all attacks. Data theft emerged as another critical concern, making up 42.9 percent of incidents, with cryptocurrency mining attacks also frequently observed.
The company highlighted that attackers primarily exploit vulnerabilities stemming from weak security infrastructure and inadequate monitoring systems prevalent in many SMEs.
Analysis of initial intrusion methods showed application vulnerabilities were the most common entry point, responsible for 20.8 percent of breaches. This was closely followed by file upload exploits at 18.9 percent and VPN vulnerabilities at 15.4 percent. Furthermore, malware-laden emails, watering hole attacks, and exposed URLs were consistently identified as attack vectors throughout the current year’s cases.
A critical issue identified in the report was the prolonged response time by SMEs following security breaches. On average, companies took 106.1 days to initiate a formal investigation after detecting an attack, with the longest delay extending to an alarming 700 days. Over 32 percent of affected firms waited more than 90 days to commence investigations, significantly increasing potential damage.
Intriguingly, cyberattacks were more frequent outside regular business hours, with 53.2 percent occurring between 6 p.m. and 5 a.m., suggesting attackers target periods of reduced vigilance.
Across industries, manufacturing firms bore the brunt of losses and damages, accounting for 47.4 percent of incidents. Information services followed at 15.8 percent, and the finance sector at 10.5 percent. Education and distribution companies also experienced a notable number of security incidents.
An SK shieldus official commented on the findings, stating, “Limited personnel and resources pose significant challenges for SMEs in effectively mitigating cybersecurity risks. We are dedicated to expanding our support to empower smaller companies in developing robust and dedicated security systems.”
stlee0329
