Due to several highly publicized data breaches at well-known large brands, cybersecurity has been a hot topic in both tech and main stream media recently. Just because the topic of data protection is currently at the forefront of news reports, it’s important to be aware that it’s in fact always a relevant and important topic. Additionally, it’s just as important for small and midsize businesses (SMBs) as it is for large corporations. A lack of security in your IT infrastructure can lead to an interruption in the ability of your team and business to function.The New York Times recently profiled several small businesses whose operations were put in jeopardy because of cyberattacks.
IT security breaches cost businesses money. The average cost of a cyberattack for a small business is $9000, not taking into account reputational damage. And why do hackers attack SMBs? In New York City, 75%+ of businesses are SMBs, which can add up to a very lucrative market for cyber threats, especially since many view these types of companies as not being properly protected.
60% of SMBs that experience a security
breach are out of business within 6 months!
Social Engineering & Malicious Software Delivery
The two most common ways we see companies being attacked are through social engineering and malicious software delivery, with both being accomplished via email. These are by no means new techniques, but we’re finding that the content of the emails is being delivered in more and more clever ways.
For example, CFO’s and accounts payable employees are being sent well-worded emails falsified to look like they are sent by the company’s owner, approving wire payments to falsified bank accounts for real vendors or clients. Identifying who to send these emails to is very straight forward in today’s world, and unfortunately so is the ability to falsify an email from someone within your company.
The best way to combat social engineering is employee training and, in this example, the creation of a payment approval process, but there are also some tweaks that can be done to your email system to help minimize the delivery of these emails.
Malicious software delivery via email is still by far the most prevalent manner in which companies suffer a security breach. For SMB’s, the threat of being specifically targeted is very low (unless brand recognition is high). Most SMB’s are actually hit by a shotgun approach – the perpetrators send millions of emails to random recipients knowing that a small percent will take the bait.
Even though these two methods have been around for a long time, a couple of things have changed that’s making them more dangerous for SMB’s.
Money is the reason all crime is committed and that’s no different in cyberspace. The process of delivering a virus to a business is now monetized, meaning the perpetrator’s incentive is hugely increased. Approximately three years ago, Crypto-locker, the first ransomware virus, hit the internet. Ransomware allows a perpetrator to infect your network and then prevent you from accessing your data unless you pay a fee in untraceable Bitcoin directly to their bank account.
Hackers Can Simply Purchase Viruses to Spread
Viruses are now easily available for purchase from the “dark web.” Hackers no longer need knowledge or skill to create malicious software, just the knowledge to acquire and distribute it. The easier the process, the more criminals are attracted.
Game changers! So what does this mean to you?
Wider availability and direct access to money means cybercrime is very appealing. It’s no longer enough to have antivirus protection on your PCs and servers. Multiple layers of security are now required. Each layer is in place to perform certain actions in order to decrease the ability of a malicious piece of software from penetrating and causing an issue for your business.
Managing & Monitoring IT
More importantly, IT security is not a “set it and forget it” process. IT security needs to be managed and monitored to ensure its constantly functioning as required, and to allow for the earliest possible detection of a breach.
The world should not be a scarier place due to the growing threat of cybercrime, but it should definitely be a more prepared one!