Many small businesses do not consider themselves worthy enough targets for more advanced attacks, such as advanced persistent threats (APTs). As such, they often have only minimal cybersecurity controls in place to protect them against everyday threats such as mass phishing scams and common forms of malware.