The Reality Check For Small & Medium Businesses

Ransomware – a threat we’re all becoming increasingly aware of and want to stay far away from. It impacts every sector, and attacks are increasing in frequency and sophistication all the time. Yet few small and medium-sized businesses (SMBs) realize they are just as at risk as larger enterprises, if not more so. In fact, in 2022 alone, 61% of all cyber attacks were aimed at small businesses.

Part of the appeal is that SMBs retain a wealth of confidential information, from medical records to bank accounts, all of which cybercriminals can either sell or hold for ransom. The initial cost of a ransomware attack can be crippling on its own, but companies may also be subject to additional fines if confidentiality laws are breached. Add to that the loss of the customer trust that many SMBs rely on to compete with larger companies, and you get a clearer picture of how devastating an attack can be.

As SMBs continue to embrace a host of new technologies on their digital transformation journeys, this threat is only going to increase. From transitioning to the cloud to the use of SaaS platforms to facilitate remote access for hybrid working, more devices are now exposed to the internet than ever before. So, how can SMBs increase their cyber resilience to prevent a ransomware attack? 

A criminal enterprise with extortionate returns

Across the board, cybercriminals have been upping the ante in terms of both frequency and sophistication of ransomware attacks. Ransomware is favoured by many as it is quick to deploy and offers lucrative returns. In ransomware attacks, criminals gain access to your high-value data and encrypt it so that you cannot access it without them supplying the unlock code in return for cash. Sometimes lots of cash, usually in the form of untraceable cryptocurrency. In fact, in 2021 it was reported that ransomware attacks globally resulted in businesses handing over a total of $49 million. And let us not forget, we are dealing with criminals here, so there is no guarantee that your data will be unlocked once a ransom has been paid, and they may come back for more. Some cybercriminals may even try to raise the stakes by instigating a double or even triple extortion attack, where they leak some of the stolen data in order to pile on the pressure or ask for money from the individuals affected.

Easy targets

The shift to remote working has only added fuel to the fire and threat actors are aware of the increased attack surface that SMBs now present, and of the lower cybersecurity budgets they commonly have access to. This makes them an easy target for hackers who can access valuable data without some of the obstacles that are common in larger organizations, many of which have a dedicated cyber security team and more resources to deploy the latest threat detection and prevention technology.

SMBs need to understand that not only are they likely to face a ransomware attack but that the impact of any attack could have a disproportionately greater effect on them compared to larger organizations.

In other words, while the financial amount from a ransomware attack may be far greater for a large enterprise, it has the resources to recover, whereas for an SMB an attack could put it out of business overnight.

How are attacks instigated?

Ransomware is most commonly distributed through phishing emails which rely on catching someone at a busy moment and enticing them to make an ill-judged decision. Hackers will commonly use a trusted brand or spoof the email address of a colleague to give the message credibility. Threat actors will then ask the victim to click on a fraudulent link which can deploy ransomware. Other techniques may involve social engineering, whereby the hacker gathers information about a victim in order to build a relationship with them to obtain their login credentials which the threat actor can then use to launch an attack.

Most smaller businesses will have some form of endpoint protection for their laptops, servers and desktops, but often IoT devices like security cameras will not be protected. With more people using their personal mobiles and iPads for work, how many of these have any form of mobile security deployed on them? Not many, with a recent report finding that 80% of all BYOD devices in a company are not managed.

It only takes one device, whether it’s a mobile phone, tablet, or laptop, and only one employee to download a malicious file or click on a fraudulent link, and the entire corporate network is up for grabs. Before you know it, ransomware is deployed, you are locked out of your systems, unable to trade, and customer privacy is lost. As a result, it’s important for SMBs to engage with their staff and make them aware of the risk, to reduce the likelihood of falling victim to a scam.

How can SMBs protect themselves?

It all starts with improving resilience. First, all organizations should be on top of security patches, rolling them out across all employees and devices as soon as they become available. Any delay could be a window of opportunity for a cybercriminal. It’s critical that internal processes are improved so that these updates can be done quickly and efficiently. Second, make sure that backups are in no way connected to the main server. Often companies are lulled into a false sense of security because they have a backup somewhere, but in many cases it is saved on the same server as all of their other data, meaning it will all become available to the attacker during an attack. Instead, organizations should have a completely isolated, off-site network backup so that when they are recovering from a ransomware attack, employees can access key files that allow them to continue with day-to-day operations.

As budget can often be an obstacle for SMBs, it should be a priority to reduce the number of solutions in place and consolidate to a single platform or vendor before looking to implement any new technologies. This is because organizations are often reliant on a number of third-party suppliers to protect different areas of their business, adding duplicate defenses unnecessarily.

Reducing the number of vendors involved will cut down total cost of ownership (TCO), reduce the attack surface and provide a unified view of the entire network, so it’s easier to spot any unusual activity.

Period of Change

Ransomware is a growing problem and is showing no signs of slowing down. As a result, SMBs need to be preparing now before an attack occurs. As they begin to plan for this new period of change, it’s important that they don’t treat their cybersecurity strategy as a one-off. It needs to be agile so that it can adapt as the threats change.

The methods hackers use are constantly evolving and, as such, businesses need to be prepared to change their approach at the same rate. It is essential that this becomes a priority for every SMB because any delays can result in a devastating outcome.

Muhammad Yahya Patel is a Security Evangelist at Check Point    
