SK Shieldus announced on May 14 that it has analyzed major cyber threat trends affecting small and medium-sized enterprises (SMEs) based on data accumulated over the past five years, coinciding with SME Week.
The analysis revealed that SMEs take an average of 106.1 days to recognize and investigate security incidents after they occur. In some cases, the delay reached as long as 700 days, with 32.6% of incidents taking more than 90 days to address.
As the use of artificial intelligence (AI) expands, the complexity of corporate systems increases, placing a greater burden on SMEs, which often have limited security personnel and infrastructure. According to the Korea Internet & Security Agency (KISA), approximately 89.4% of ransomware reports last year came from SMEs.
This analysis was conducted by SK Shieldus' incident response team, Topsert, using data from domestic corporate incident responses between 2021 and 2025.
Over the past five years, the primary types of incidents affecting SMEs were ransomware (44.9%) and data breaches (42.9%), followed by cryptocurrency mining attacks.
The main infiltration routes for attacks were application vulnerabilities (20.8%), file upload vulnerabilities (18.9%), and VPN vulnerabilities (15.4%). Additionally, malicious emails, watering hole attacks, and externally exposed URLs were identified as significant attack vectors.
This year, notable incidents included data breaches from malicious emails and watering hole attacks, ransomware infections through brute force attacks, and cryptocurrency mining attacks stemming from supply chain breaches.
Notably, the initial infiltration times were concentrated during nighttime and early morning hours (6 PM to 5 AM), accounting for 53.2% of all attacks. SK Shieldus highlighted the potential response gaps during these hours but noted that attack attempts continue throughout the day, underscoring the need for a 24/7 monitoring system.
By industry, the manufacturing sector accounted for the highest proportion of incidents at 47.4%, followed by information services (15.8%) and finance (10.5%). Incidents were also reported across various sectors, including education and retail, indicating that security threats are spreading across industries.
SK Shieldus explained that in manufacturing, the close connection between production equipment and operational systems means that security incidents can lead to production line shutdowns, delivery delays, and disruptions in the supply chain.
In response, SK Shieldus is supporting the establishment of continuous security response systems for SMEs through its managed detection and response (MDR) service, which offers threat detection, analysis, and response 24/7, available on a subscription basis.
A representative from SK Shieldus stated, "As AI technology spreads, cyber attacks are becoming increasingly sophisticated, making it difficult for limited personnel to respond to all threats. We will continue to expand support for SMEs to help them build professional security response systems while alleviating their burdens."
* This article has been translated by AI.
Copyright ⓒ Aju Press All rights reserved.