The pandemic period has been littered with cyber attacks, ranging from ransomware attacks on public institutions to supply chain attacks that ultimately target large businesses. Does that mean small to medium-sized businesses (SMBs) are safe thanks to the lucrative target that large businesses make? Apparently not, if Verizon’s recent Data Breach Investigations Report is anything to go by. The report estimates that 43% of all breaches impact SMBs. Given the recent spate of attacks, most large businesses and even the federal government have decided to increase cybersecurity spending substantially. With beefed-up security, it’s pretty much guaranteed that most hackers will be on the lookout for weaker, more vulnerable targets in the future, i.e. SMBs that cannot afford or haven’t implemented advanced defenses.
Beyond the growing volume of threats to businesses of all sizes, there is another factor to consider. Large businesses and government departments have the resilience to withstand even large-scale attacks. But for smaller businesses, the stakes are much higher. The U.S. National Cyber Security Alliance report estimates that nearly 60% of all SMBs are likely to fail within six months of a cyber attack.
The biggest cybersecurity threats for small businesses include:
Viruses and other malware
Malware is a broad term encapsulating different types of damaging software and applications that pose a major threat to SMB cybersecurity. Malware can include viruses, worms, Trojans, rootkits, and programs designed to infiltrate and damage systems. While malware has existed as long as computers, it continues to pose a major threat to businesses thanks to its evolving nature. Following the NIST cybersecurity framework for small businesses can prove to be an effective countermeasure.
According to Cisco’s 2020 cybersecurity report, ransomware continues to pose the most serious threat to businesses and often results in 24+ hours of downtime and productivity loss. Once a malicious actor possesses your data, there is no guarantee that they will not erase it, sell it, or simply release it to the public even if the ransom is paid. The situation is made worse by the fact that businesses are now legally liable when customer data is affected. Moreover, following industry and government stipulations in the aftermath of a ransomware incident also requires significant outlay, whether for forensics, root cause analysis (RCA) of the attack, or addressing vulnerabilities. Without adequate secure backup, companies are liable to lose all of their operational and customer data in such attacks.
Phishing is a huge problem for small organizations with an estimated 57% of global SMBs falling victim to it. Targeted malware attacks can be spread through deceptive links and email attachments. Over the years, phishing attacks have evolved to use highly sophisticated techniques (including social engineering) that exactly duplicate trusted sources. Phishing attacks can be highly targeted to attack executives at any level of the organization and a single click can compromise years of highly valuable data. These attacks can be used to steal login credentials and payment information from both individuals and companies and may also be used as an entryway to infiltrate a business’ entire information architecture.
DDoS (Distributed Denial of Service) attacks involve infecting a single target system with malware that can lie dormant for days or months until called to life by the threat actor. This system can be used to flood another networked system or server with requests. The chain of requests continues until the entire network gets overwhelmed, leaving a wide-open path of entry for attackers. DDoS attacks can be used as standalone attacks, or as a diversion to infiltrate the system in other ways.
A network of bots can be used as a tool to automate mass attacks for different purposes, such as data theft, server crashes, and malware distribution. Botnets can even be used to scam other people using your systems without consent. A botnet is a useful tool for DDoS or cyber-espionage attacks that compromise the target network’s integrity. There is a wide variety of classifications for botnet attacks.
Advanced Persistent Threats (APTs) are long-term targeted attacks that use multiple attack vectors in your architecture. They are generally used to infiltrate highly guarded networks in multiple phases in order to avoid detection. Gaining a foothold in the network is just the beginning of the attack, as APTs work to establish other routes of entry into the system so they can continue to steal data and maintain the foothold even if one or more breaches are detected and repaired by the company.
“Drive-by” downloads take advantage of existing vulnerabilities in user systems to install malware. Users may trigger a drive-by download by simply clicking a link or visiting a security-compromised webpage. The malware then capitalizes on the breach and can use the system’s resources or compromise users by taking control of their confidential data.
Insider threats are a growing cause of concern for SMBs. These typically involve accidental or deliberate misuse of privileged accounts and associated data. Companies can counter insider threats by coming up with strict usage and data access policies and implementing them rigorously to restrict, revoke, and monitor access to confidential data, processes, and privileged accounts.
Best Practices for Strong Security and Backup
Deploy the solutions needed to protect and back up data
You need to constantly monitor for security vulnerabilities, and you need the right technical solutions for secure and accessible data backup. As a small business, this can be a tall order to fill in-house. Consider reaching out to managed security services to reduce your chances of being targeted by improving your overall security posture.
Establish and enforce security policies and procedures
Devising and enforcing security policies is critical to protecting your network over time. Cyber security practices and basic security parameters like maintaining password hygiene should become a part of your work culture to improve security. This can be done through regular meetings, team huddles, and seminars on cyber security practices, to make employees aware of threats and how they can secure the workplace better.
Provide employee education and training
You should also teach your employees to recognize signs of a breach and give them a playbook to follow in different situations. Most importantly, you need to take away the threat of being blamed for anything and replace it with encouragement for every effort at learning more about cybersecurity practices for small businesses and applying them to stay safe in the workplace.
Hire outside experts for help
Internal efforts may help a lot, but may be incapable of completely preventing cyber attacks. To prepare for such an eventuality and ensure business continuity after an attack, you should make it your priority to seek expert help now, before anything happens. Drawing up a response plan, assigning roles and responsibilities to team members in case of an attack, and further preparation can help you and your employees remain prepared and vigilant for attacks. Cybersecurity measures for small businesses ensure quick identification and mitigation of attacks and, most importantly, help you resume your routine operations quickly after an attack.
Our role in protecting SMBs
Recent reports indicate that 27% of small businesses lack the necessary expertise in-house to build and maintain a proper cybersecurity stance. As a leading provider of cybersecurity for small businesses, New Charter Technologies can immediately equip you with real solutions to specific problems you may face, all at a predictable and manageable cost.