The Reality Check For Small & Medium Businesses

Ransomware – a threat we’re all becoming increasingly aware of and want to stay far away from. It impacts every sector and attacks are increasing in frequency and sophistication all the time. Yet, few small and medium sized businesses (SMBs) realize they are just as at risk, if not more so than larger enterprises. In fact, in 2022 alone, 61% of all cyber attacks were aimed at small businesses. 

Part of the appeal is that SMBs retain a wealth of confidential information from medical records to bank accounts, all of which cybercriminals can either sell or hold for ransom. This can land companies in more trouble than just the initial cost of a ransomware attack, which can be crippling, but they may be subject to additional fines if confidentiality laws are breached. Add to that the loss of customer trust that many SMBs rely on to compete with larger companies, and you get a clearer picture of how devastating an attack can be. 

As SMBs continue to embrace a host of new technologies on their digital transformation journeys, this threat is only going to increase. From transitioning to the cloud to the use of SaaS platforms to facilitate remote access for hybrid working, more devices are now exposed to the internet than ever before. So, how can SMBs increase their cyber resilience to prevent a ransomware attack? 

A criminal enterprise with extortionate returns:   Across the board, cybercriminals have been upping the ante in terms of both frequency and sophistication of ransomware attacks. Ransomware is favoured by many as it is quick to deploy and offers lucrative returns. In ransomware attacks, criminals gain access to your high value data and encrypt it so that you cannot access it without them supplying the unlock code in return for cash. Sometimes lots of cash, usually in the form of untraceable crypto currency. In fact, in 2021 it was reported that ransomware attacks globally resulted in businesses handing over a total of $49 million. And let us not forget, we are dealing with criminals here, so there is no guarantee that your data will be unlocked once a ransom has been paid and they may come back for more. Some cyber criminals may even try to raise the stakes by instigating a double or even triple extortion attack, where they leak some of the stolen data in order to pile on the pressure or ask for money from the individuals affected. 

Easy targets:   The shift to remote working has only added fuel to the fire and threat actors are aware of the increased attack surface that SMBs now present, and of the lower cybersecurity budgets they commonly have access to. This makes them an easy target for hackers who can access valuable data without some of the obstacles that are common in larger organizations, many of which have a dedicated cyber security team and more resources to deploy the latest threat detection and prevention technology. 

SMBs need to understand that not only are they likely to face a ransomware attack but that the impact of any attack could have a disproportionately greater effect on them compared to larger organizations.

In other words, while the financial amount from a ransomware attack may be far greater for a large enterprise, they have the resources to recover while for an SMB this could put them out of business overnight.  

How are attacks instigated?:   Ransomware is most commonly distributed through phishing emails which rely on catching someone at a busy moment and enticing them to make an ill-judged decision. Hackers will commonly use a trusted brand or spoof the email address of a colleague to give the message credibility. Threat actors will then ask the victim to click on a fraudulent link which can deploy ransomware. Other techniques may involve social engineering, whereby the hacker gathers information about a victim in order to build a relationship with them to obtain their login credentials which the threat actor can then use to launch an attack.  

Most smaller businesses will have some form of endpoint protection for their laptops, servers and desktops but often IoT devices like security cameras will not be protected. With more people using their personal mobiles and iPads for work, how many of these have any form of mobile security deployed on them? Not many, with a recent report finding that 80% of all BYOD in a company are not managed. 

It only takes one device, whether it’s a mobile phone, tablet, or laptop and only one employee to download a malicious file or click on a fraudulent link and the entire corporate network is up for grabs. Before you know it, ransomware is deployed, you are locked out of your systems; unable to trade, and customer privacy is lost. As a result, it’s important for SMBs to engage with their staff and make them aware of the risk, to reduce the likelihood of falling victim to a scam. 

How can SMBs protect themselves?:   It all starts with improving resilience. First, all organizations should be on top of security patches and rolling those out across all employees and devices as soon as they become available. Any delay could be a window of opportunity for a cybercriminal. It’s critical that internal processes are improved so that these updates can be done quickly and efficiently. Second, make sure that backups are in no way connected to the main server. Often companies are lulled into a false sense of security because they have a back-up somewhere, but in many cases, they are saved on the same server as all of their other data, meaning it will all become available during an attack. Instead, organizations should have a completely isolated, off-site network backup so when they are recovering from a ransomware attack, employees can access key files that allow them to continue with day-to-day operations.

As budget can often be an obstacle for SMBs, it should be a priority to reduce the number of solutions in place and consolidate to a single platform or vendor before looking to implement any new technologies. This is because organizations are often reliant on a number of third-party suppliers to protect different areas of their business, adding duplicate defenses unnecessarily.

By reducing the number of vendors involved, this will cut down total cost of ownership (TCO), reduce the attack surface and provide a unified view of the entire network, so it’s easier to spot any unusual activity. 

Period of Change:   Ransomware is a growing problem and is showing no signs of slowing down. As a result, SMBs need to be preparing now before an attack occurs. As they begin to plan for this new period of change, it’s important that they don’t treat their cybersecurity strategy as a one-off. It needs to be agile so that it can adapt as the threats change.

The methods hackers use are constantly evolving and as such businesses need to be prepared to change their approach at the same rate. It is essential that this becomes a priority for every SMB because any delays can result in a devastating outcome.

Muhammad Yahya Patel is a Security Evangelist at Check Point    

You Might Also Read:

Check Point Launches Horizon Security:

 

« Ukraine Uses Artificial Intelligence To Speed Up Attacks
CISA Reports No Significant Attacks On US Elections »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Foundation for Strategic Research (FRS)

Foundation for Strategic Research (FRS)

The Foundation for Strategic Research is France's main independent think tank on strategic, defense and security issues. Cyber security is covered as part of the study areas.

RiskSense

RiskSense

RiskSense empowers enterprises and governments to reveal cyber risk, quickly orchestrate remediation, and monitor the results.

Kryptus

Kryptus

Kryptus provides a wide array of solutions for hardware, firmware and software ranging from semiconductors to complex digital certificate management systems.

Security & Intelligence Agency (SOA) - Croatia

Security & Intelligence Agency (SOA) - Croatia

SOA is the Croatian security and intelligence service. Areas of activity include Cyber Security and Information Security.

Cyber Intelligence (CI)

Cyber Intelligence (CI)

Cyber Intelligence is an award winning 'MSC status' cyber security education and training company.

Intrinsyc Technologies

Intrinsyc Technologies

Intrinsyc provides product development services and Edge Computing modules that are helping to take the Internet of Things products to the next level.

OpSec Security

OpSec Security

OpSec Online is the only brand protection solution that spans all channels so your brands are protected no matter what digital venue the criminals target.

Microchip Technology

Microchip Technology

Microchip Technology Inc. is a leading provider of smart, connected and secure embedded control solutions.

Cado Security

Cado Security

Cado Security is pushing digital forensics, and cyber incident response to the next level with an incident response software platform and specialist consulting services.

Secret Intelligence Service (SIS - MI6)

Secret Intelligence Service (SIS - MI6)

The UK’s Secret Intelligence Service, also known as MI6, has three core aims: stopping terrorism, disrupting the activity of hostile states, and giving the UK a cyber advantage.

SecurIT360

SecurIT360

SecurIT360 is a full-service specialized Cyber Security and Compliance consulting firm.

Intigriti

Intigriti

Intigriti helps companies protect themselves from cybercrime. Our community of ethical hackers provides continuous, realistic security testing to protect our customer’s assets and brand.

Dropzone AI

Dropzone AI

Dropzone AI are creating a generational leap in SecOps by using AI to automate cyber expertise and tooling.

Defimoon

Defimoon

DeFimoon is the International Blockchain Development & Security Agency. We provide professional services and solutions at the highest quality on world-leading chains.

FastPassCorp

FastPassCorp

In the world of IT, identity theft is a growing concern. FastPass offers an innovative solution as a cloud or on-premises offering.

Defend-OT

Defend-OT

Defend-OT is a Belgium-based cybersecurity firm specializing in OT environments.