Cyber Criminals Accelerate Attacks on Small-Medium Businesses
Cyber attacks on small-medium businesses (SMB) are increasing at an alarming rate. Data from Symantec’s 2016 Internet Data Security Threat Report showed that attacks on SMBs accounted for 43% of the cyber attacks in 2015. The figure was up 9% in just one year and stands in stark contrast to 2011 where the SMB segment accounted for a mere 11% of the total cyber attack victims.
Why is this segment so attractive to potential cyber attackers? CSOonline cites several reasons these criminals view small-medium business as tasty morsels ready to be preyed upon:
- Lack of time, budget and expertise to implement comprehensive security defenses.
- No dedicated IT security specialist on the payroll.
- Lack of risk awareness.
- Lack of employee training.
- Failure to keep security defenses updated.
- Outsourcing security to unqualified contractors or system administrators.
- Failure to secure endpoints.
Another point cited in the article was the degree of interconnection between SMBs with their suppliers and clients. By breaching one weak link, the attackers could easily gain a point of entry to many other organizations. That is also the message from Symantec Security, which in an email to CSO said, attackers often use SMBs as stepping stones to gain access to larger corporate networks.
The problem has become so severe that the US House of Representatives Small Business Committee held hearings to discuss the issue in July 2016. Small businesses play an indispensable role in providing the federal government with products and services. They are integral links in the government supply chain but are often ill-equipped to combat against sophisticated foreign cyber attacks. This makes them a prime target for state sponsors of cyber terrorism who wish to undermine America’s commerce and security, said Committee Chairman Steve Chabot.
As a business owner or IT executive, you may be asking what techniques do cyber criminals use to attack a site or network? A recent Business News Daily article listed the following six methods as the most common types of cyber attacks:
- APT: Advanced persistent threats, or APTs, are long-term targeted attacks that break into a network in multiple phases to avoid detection. This Symantec infographic outlined the five stages of an APT.
- DDoS: An acronym for distributed denial of service, DDoS attacks occur when a server is intentionally overloaded with requests, with the goal of shutting down the target’s website or network system.
- Inside attack: This is when someone with administrative privileges, usually from within the organization, purposely misuses his or her credentials to gain access to confidential company information. Former employees, in particular, present a threat if they left the company on bad terms, so your business should have a protocol in place to revoke all access to company data immediately upon an employee’s termination.
- Malware: This umbrella term is short for “malicious software,” and covers any program introduced into the target’s computer with the intent to cause damage or gain unauthorized access.
- Password attacks: There are three main types of password attacks: a brute-force attack, which involves guessing at passwords until the hacker gets in; a dictionary attack, which uses a program to try different combinations of dictionary words; and keylogging, which tracks all of a user’s keystrokes, including login IDs and passwords.
- Phishing: Perhaps the most commonly deployed form of cybertheft, phishing involves collecting sensitive information like login credentials and credit-card information through a legitimate-looking (but ultimately fraudulent) website, often sent to unsuspecting individuals in an email.
PC Magazine states that, to fight back, companies have to follow safe computing protocols. That includes training personnel to be on their guard for scams, adopting practices that protect data, and moving important data off the desktop into the cloud. In the not-too-distant future, biometrics and artificial intelligence (AI) may also help.
Business News Daily highlighted simple ways that you can minimize your chances of becoming a cyber attack statistic.
- Install antivirus software is the most common way to protect your business network and will defend against most types of malware.
- Deploy firewalls.
- Invest in an off-site data backup solution, so any information compromised or lost during a breach can easily be recovered from an alternate location.
- Propagate encryption software to protect sensitive data such as employee records, client/customer information and financial statements.
- Include two-step authentication or password security software for internal programs to reduce the likelihood of password cracking.
- One important solution that does not involve software and that many small businesses overlook is cyber security insurance.
- Keep your software up to date.
- Educate your employees.
- Implement formal security policies.
The threats to your organization from cyber attack are real but fear not, by proactively embracing the challenge you can protect your network from all but the most sophisticated attacks. A few ideas that will assist in fortifying your infrastructure against potential invaders are listed above. We recommend that you review these ideas with others in your organization and develop a workable action plan.
Randall Smith – 1stel Marketing Analyst