Frequently Asked Questions

Everything you need to know about cyber threats, protection, and how Attic Security keeps your organization safe.

Cyber Threats & SMBs

How big is the risk for your organization, and where do most attacks begin?

Research from the Digital Trust Center and cybercrime researchers shows that one in five SMBs falls victim to a cyberattack each year. In sectors with extensive digital processes or valuable data (such as IT, retail, and healthcare), the percentage is even higher.

Many attacks go undetected or unreported, meaning the actual number is likely much higher. For SMBs, the question is not if, but when you'll be targeted.

The average damage for an SMB after a cyberattack ranges between €30,000 and €75,000 per incident, depending on the type of attack and response speed. In cases of ransomware or Business Email Compromise (BEC), costs can exceed €100,000.

This damage includes:
• Operational downtime — no access to systems or data
• Recovery costs — IT support, forensic investigation
• Reputational damage — loss of customer trust
• Fines or legal claims — from data breaches or non-compliance

9 out of 10 cyberattacks start with the user — specifically via:

• Phishing emails with a link to a fake login page (e.g. Microsoft 365)
• Stolen sessions via Adversary-in-the-Middle (AiTM) websites
• Weak or reused passwords

Attackers exploit employee trust and take advantage of organizations that insufficiently protect their email and cloud access.

Attic Security Platform

How does Attic work and what can you expect from our solution?

In Attic, Checks are automated controls that run on your settings via Attic for Microsoft 365. We determine how frequently each Check runs — usually multiple times per day. The current status of each Check is visible in the dashboard. If a setting is insecure, you'll receive an alert with a suggested Fix.

Fixes in Attic are configuration changes that we recommend. Many Fixes are automatic, meaning Attic can apply them for you. These Fixes are only executed after your explicit approval — just one click. This makes it simple to keep your security up to date.

Yes. Attic offers phishing protection free of charge for SMBs. No hidden costs.

Optionally, you can extend AiTM protection with real-time employee warnings at the moment of login. This feature is available in Attic for Microsoft 365 Premium. Cost: €80 per month, regardless of the number of employees.

Attack Techniques

Understand the most common methods cybercriminals use against SMBs.

AiTM stands for Adversary-in-the-Middle and is an advanced form of phishing where an attacker positions themselves between you and the real login page.

How it works:
1. You receive an email with a link to a fake login page that looks exactly like the real one (e.g. Microsoft 365).
2. You enter your credentials, including your MFA code.
3. The attacker forwards those credentials in real time to the real login page and captures the session cookie it issues.
4. This gives them direct access to your account — even with MFA enabled.

Attic AiTM Protection detects these techniques and warns you immediately when you open a suspicious page.

Multi-Factor Authentication (MFA) is an extra security layer on top of your username and password. You need to provide a second proof of identity, such as:

• A code from an app (e.g. Microsoft Authenticator)
• A code sent by SMS to your phone
• A biometric scan (fingerprint or facial recognition)

MFA makes it harder for attackers to access your accounts, even if they know your password.

Not always. MFA is an important security measure, but it does not provide full protection against AiTM attacks.

During an AiTM attack, the user is directed to a fake login page. The attacker intercepts your username, password, and MFA code and uses them to log in to your account in real time, obtaining a valid session cookie and with it full access.

In other words: even with MFA enabled, an attacker can still gain access if you log in on a forged page. Attic AiTM Protection detects these fake pages and warns you immediately.

CEO fraud is a form of social engineering where an attacker impersonates an executive (CEO, CFO, or director) to pressure employees into making urgent payments or sharing sensitive information.

Examples:
• An urgent request to transfer an invoice to an "important partner"
• An email from an address that closely resembles the CEO's, but is slightly misspelled

Why does it work?
• Employees want to quickly comply with leadership requests
• The attack often happens during stressful moments (end of day, holiday periods)
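Both the AiTM section above (a fake login page that only looks like Microsoft 365) and the CEO fraud example (a sender address that is slightly misspelled) come down to the same check: does this hostname match a known-good one, or merely resemble it? The JavaScript below is an added example, not Attic's code, and runs that check against an allowlist; the allowlist entries, the company domain and the sample addresses are constructed for the example.

```javascript
// Added example, not Attic's code. Classifies a hostname as "trusted",
// "lookalike" or "unknown" against an allowlist, so a warning can be raised
// for a login page whose origin only resembles Microsoft 365, or for a
// sender whose domain only resembles the company's own. Allowlist values
// are assumptions made for this example.
const TRUSTED_LOGIN_HOSTS = ["login.microsoftonline.com", "login.microsoft.com"];

// Levenshtein edit distance: how many single-character edits turn a into b.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
    }
  }
  return d[a.length][b.length];
}

// Last two labels of a hostname ("login.microsoftonline.com" -> "microsoftonline.com").
function registrableDomain(host) {
  return host.toLowerCase().split(".").slice(-2).join(".");
}

// Domain part of an email address ("ceo@example.com" -> "example.com").
function senderDomain(address) {
  return address.slice(address.lastIndexOf("@") + 1).toLowerCase();
}

function classifyHost(host, trusted = TRUSTED_LOGIN_HOSTS) {
  const h = host.toLowerCase().replace(/\.$/, "");
  if (trusted.includes(h)) return "trusted";
  const hDomain = registrableDomain(h);
  for (const t of new Set(trusted.map(registrableDomain))) {
    // Trusted name buried inside another domain: login.microsoftonline.com.evil.example
    if (h.includes(t) && !h.endsWith("." + t) && h !== t) return "lookalike";
    // One or two characters away from a trusted domain: micros0ftonline.com
    if (hDomain !== t && editDistance(hDomain, t) <= 2) return "lookalike";
  }
  return "unknown";
}

// Demo: in a browser extension this would run on window.location.hostname
// before the user types a password; for mail it runs on the From: address.
for (const h of ["login.microsoftonline.com", "login.micros0ftonline.com", "example.org"]) {
  console.log(h, "->", classifyHost(h));
}
console.log(classifyHost(senderDomain("ceo@acme-c0rp.example"), ["acmecorp.example"]));
```

Anything that is not an exact allowlist match is treated as a reason to warn; "unknown" simply means the name does not resemble a trusted one, which is the case for most ordinary sites.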

Ransomware is malicious software that encrypts files on your computer or network, making them inaccessible. The attacker then demands a ransom (often in cryptocurrency) in exchange for the decryption key.

For SMBs, this can lead to:
• Days or weeks of business process downtime
• Loss of customer data
• Reputational damage
• High recovery costs, even if you don't pay

Ransomware typically enters through phishing emails or infected attachments.

Business Email Compromise (BEC) is an attack where an attacker gains access to a business email account or impersonates a manager, client, or supplier. They then send convincing emails to redirect payments or steal sensitive data.

For SMBs, these attacks are particularly dangerous because:
• Payments often lack dual-authorization controls
• Business relationships are more personal, making fake emails more convincing
• IT security is often lacking or less mature

More questions?

Our knowledge base has detailed articles on onboarding, package differences, partner integrations, and more.

Visit the knowledge base

Can't find your answer?

Get in touch with our team. We're happy to help.