When it comes to protecting your organization from the latest threats, one of the biggest challenges is that the landscape you need to protect against is constantly changing. The emergence of new malware and other threats means that SMBs must constantly adapt their strategies to mitigate risk.

There were 667 million new types of newly-developed malware tracked in 2020, up from 172 million in 2015 and 28 million in 2010. This drastic increase speaks to the evolving challenge SMBs face today — one that will only likely increase in the years to come.

According to the 2021 Malware Threat Survey conducted by Dark Reading, 49 percent of security leaders said their biggest challenge today is determining how to assess the risk associated with new malware. Many leaders said they are experiencing a slight to significant increase in malware volumes over the past year, particularly amidst the COVID-19 pandemic.

Here are some of the most significant areas to watch for SMBs when it comes to new malware:

Ransomware. Ransomware has hit the headlines in 2020 and 2021 for devastating businesses worldwide, including hospitals, elementary schools, colleges, local businesses, and more. More extravagant attacks impacted organizations such as the Colonial Pipeline, JBS, and other significant enterprises. It was no surprise then that 41 percent of security and IT leaders surveyed cited ransomware as their top concern over the next two years. SMBs should ensure they take the necessary steps to mitigate risk from ransomware and develop a plan for responding if an attack hits them.

Phishing. As has proven true in years past, phishing continues to be the primary malware delivery vector among attackers for new malware. 47 percent of those surveyed said phishing was the primary attack vector for malware intrusions in their organization.

However, the survey found that organizations reporting phishing issues have declined, suggesting that perhaps attackers are getting better at evading detection. SMBs should ensure they have technology solutions in place and take the time to educate employees on how to spot and report potential phishing attacks.

Nation-state attacks. While SMBs may think they are too small to be targeted by a nation-state attack, that is not the case. SMBs typically are lower hanging fruit for attackers, given that their budgets for security protections are typically smaller than a larger enterprise. They may also be tied into the supply chains of a larger target, putting them in the crosshairs of attackers. Twenty-one percent of those surveyed said they were worried about nation-state groups, up from 10 percent last year.

Each of these areas is important for an SMB to watch to mitigate their risk from new malware. If not, they may become part of the 15 percent of organizations surveyed that said they reported a severe breach or compromise every month or more. That’s a risk no organization wants to take.