The Reality Check For Small & Medium Businesses

Uploaded on 2022-11-09 in TECHNOLOGY--Resilience, FREE TO VIEW

Ransomware – a threat we’re all becoming increasingly aware of and want to stay far away from. It impacts every sector and attacks are increasing in frequency and sophistication all the time. Yet, few small and medium sized businesses (SMBs) realize they are just as at risk, if not more so than larger enterprises. In fact, in 2022 alone, 61% of all cyber attacks were aimed at small businesses. 

Part of the appeal is that SMBs retain a wealth of confidential information from medical records to bank accounts, all of which cybercriminals can either sell or hold for ransom. This can land companies in more trouble than just the initial cost of a ransomware attack, which can be crippling, but they may be subject to additional fines if confidentiality laws are breached. Add to that the loss of customer trust that many SMBs rely on to compete with larger companies, and you get a clearer picture of how devastating an attack can be. 

As SMBs continue to embrace a host of new technologies on their digital transformation journeys, this threat is only going to increase. From transitioning to the cloud to the use of SaaS platforms to facilitate remote access for hybrid working, more devices are now exposed to the internet than ever before. So, how can SMBs increase their cyber resilience to prevent a ransomware attack? 

A criminal enterprise with extortionate returns:   Across the board, cybercriminals have been upping the ante in terms of both frequency and sophistication of ransomware attacks. Ransomware is favoured by many as it is quick to deploy and offers lucrative returns. In ransomware attacks, criminals gain access to your high value data and encrypt it so that you cannot access it without them supplying the unlock code in return for cash. Sometimes lots of cash, usually in the form of untraceable crypto currency. In fact, in 2021 it was reported that ransomware attacks globally resulted in businesses handing over a total of $49 million. And let us not forget, we are dealing with criminals here, so there is no guarantee that your data will be unlocked once a ransom has been paid and they may come back for more. Some cyber criminals may even try to raise the stakes by instigating a double or even triple extortion attack, where they leak some of the stolen data in order to pile on the pressure or ask for money from the individuals affected. 

Easy targets:   The shift to remote working has only added fuel to the fire and threat actors are aware of the increased attack surface that SMBs now present, and of the lower cybersecurity budgets they commonly have access to. This makes them an easy target for hackers who can access valuable data without some of the obstacles that are common in larger organizations, many of which have a dedicated cyber security team and more resources to deploy the latest threat detection and prevention technology. 

SMBs need to understand that not only are they likely to face a ransomware attack but that the impact of any attack could have a disproportionately greater effect on them compared to larger organizations.

In other words, while the financial amount from a ransomware attack may be far greater for a large enterprise, they have the resources to recover while for an SMB this could put them out of business overnight.  

How are attacks instigated?:   Ransomware is most commonly distributed through phishing emails which rely on catching someone at a busy moment and enticing them to make an ill-judged decision. Hackers will commonly use a trusted brand or spoof the email address of a colleague to give the message credibility. Threat actors will then ask the victim to click on a fraudulent link which can deploy ransomware. Other techniques may involve social engineering, whereby the hacker gathers information about a victim in order to build a relationship with them to obtain their login credentials which the threat actor can then use to launch an attack.  

Most smaller businesses will have some form of endpoint protection for their laptops, servers and desktops but often IoT devices like security cameras will not be protected. With more people using their personal mobiles and iPads for work, how many of these have any form of mobile security deployed on them? Not many, with a recent report finding that 80% of all BYOD in a company are not managed. 

It only takes one device, whether it’s a mobile phone, tablet, or laptop and only one employee to download a malicious file or click on a fraudulent link and the entire corporate network is up for grabs. Before you know it, ransomware is deployed, you are locked out of your systems; unable to trade, and customer privacy is lost. As a result, it’s important for SMBs to engage with their staff and make them aware of the risk, to reduce the likelihood of falling victim to a scam. 

How can SMBs protect themselves?:   It all starts with improving resilience. First, all organizations should be on top of security patches and rolling those out across all employees and devices as soon as they become available. Any delay could be a window of opportunity for a cybercriminal. It’s critical that internal processes are improved so that these updates can be done quickly and efficiently. Second, make sure that backups are in no way connected to the main server. Often companies are lulled into a false sense of security because they have a back-up somewhere, but in many cases, they are saved on the same server as all of their other data, meaning it will all become available during an attack. Instead, organizations should have a completely isolated, off-site network backup so when they are recovering from a ransomware attack, employees can access key files that allow them to continue with day-to-day operations.

As budget can often be an obstacle for SMBs, it should be a priority to reduce the number of solutions in place and consolidate to a single platform or vendor before looking to implement any new technologies. This is because organizations are often reliant on a number of third-party suppliers to protect different areas of their business, adding duplicate defenses unnecessarily.

By reducing the number of vendors involved, this will cut down total cost of ownership (TCO), reduce the attack surface and provide a unified view of the entire network, so it’s easier to spot any unusual activity. 

Period of Change:   Ransomware is a growing problem and is showing no signs of slowing down. As a result, SMBs need to be preparing now before an attack occurs. As they begin to plan for this new period of change, it’s important that they don’t treat their cybersecurity strategy as a one-off. It needs to be agile so that it can adapt as the threats change.

The methods hackers use are constantly evolving and as such businesses need to be prepared to change their approach at the same rate. It is essential that this becomes a priority for every SMB because any delays can result in a devastating outcome.

Muhammad Yahya Patel is a Security Evangelist at Check Point    

You Might Also Read:

Check Point Launches Horizon Security:

 

« Ukraine Uses Artificial Intelligence To Speed Up Attacks
CISA Reports No Significant Attacks On US Elections »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Opscura

Opscura

Opscura (formerly Enigmedia) brings the reliable and cautious hands of operations together with the analytical minds of cyber experts and cryptography researchers.

France Cybersecurity

France Cybersecurity

France Cybersecurity represents the French cybersecurity industry to raise international awareness of French cybersecurity capabilities and solutions.

Rublon

Rublon

Rublon protects endpoints, networks and applications by providing trusted access via two-factor authentication (2FA).

Tech-Recycle

Tech-Recycle

Tech-Recycle was formed to help companies and individuals securely, ethically and easily recycle their IT and office equipment. We destroy all data passed to us safely and securely.

WiSecure Technologies

WiSecure Technologies

WiSecure Technologies aims to develop cryptographic products meeting requirements in the new economic era.

CyberKnight Technologies

CyberKnight Technologies

CyberKnight Technologies is a cybersecurity focused value-added-distributor (VAD) headquartered in Dubai and covering the Middle East.

neoEYED

neoEYED

neoEYED helps banks and fintech to detect and prevent frauds using a Behavioral AI that recognizes the users just by looking at “how” they interact with the applications.

CyberSafe

CyberSafe

CyberSafe is a Portuguese company with a focus on cybersecurity solutions and services including network security, managed security, incident response and forensic analysis.

AirEye

AirEye

AirEye is a leader in Network Airspace Protection (NAP). Block attacks against your corporate network launched from wireless devices in your corporate network airspace.

Udacity

Udacity

Udacity's mission is to train the world’s workforce in the careers of the future. Our programs range from beginner to expert levels and deliver the hands-on skills for real-world expertise.

SECUINFRA

SECUINFRA

SECUINFRA has been supporting companies in detecting, analyzing and defending against cyber attacks since 2010.

Dataships

Dataships

We help companies automate their privacy compliance while building healthy, transparent data relationships with their customers.

NewAE Technology

NewAE Technology

NewAE Technology is revolutionizing the hardware security market by making every engineer and designer aware of side-channel power analysis and glitching as important attack vectors.

GoodAccess

GoodAccess

GoodAccess is the cybersecurity platform that gives your business the security benefits of zero trust without the complexities so your users can securely access digital resources anytime, anywhere.

CyberTest

CyberTest

CyberTest offers cybersecurity consulting and penetration testing services that helps organizations and businesses securing their assets.

Vantor

Vantor

Vantor is a Managed Security Services Provider (MSSP) that specializes in providing outsourced, managed cybersecurity services.