The Reality Check For Small & Medium Businesses

Ransomware – a threat we’re all becoming increasingly aware of and want to stay far away from. It impacts every sector, and attacks are increasing in frequency and sophistication all the time. Yet few small and medium sized businesses (SMBs) realize they are just as much at risk as larger enterprises, if not more so. In fact, in 2022 alone, 61% of all cyber attacks were aimed at small businesses.

Part of the appeal is that SMBs retain a wealth of confidential information, from medical records to bank accounts, all of which cybercriminals can either sell or hold for ransom. The initial cost of a ransomware attack can be crippling on its own, and companies may also be subject to additional fines if confidentiality laws are breached. Add to that the loss of the customer trust that many SMBs rely on to compete with larger companies, and you get a clearer picture of how devastating an attack can be.

As SMBs continue to embrace a host of new technologies on their digital transformation journeys, this threat is only going to increase. From transitioning to the cloud to the use of SaaS platforms to facilitate remote access for hybrid working, more devices are now exposed to the internet than ever before. So, how can SMBs increase their cyber resilience to prevent a ransomware attack? 

A criminal enterprise with extortionate returns

Across the board, cybercriminals have been upping the ante in terms of both frequency and sophistication of ransomware attacks. Ransomware is favoured by many as it is quick to deploy and offers lucrative returns. In ransomware attacks, criminals gain access to your high value data and encrypt it so that you cannot access it without them supplying the unlock code in return for cash. Sometimes lots of cash, usually in the form of untraceable cryptocurrency. In fact, in 2021 it was reported that ransomware attacks globally resulted in businesses handing over a total of $49 million. And let us not forget, we are dealing with criminals here, so there is no guarantee that your data will be unlocked once a ransom has been paid and they may come back for more. Some cyber criminals may even try to raise the stakes by instigating a double or even triple extortion attack, where they leak some of the stolen data in order to pile on the pressure or ask for money from the individuals affected.

Easy targets

The shift to remote working has only added fuel to the fire and threat actors are aware of the increased attack surface that SMBs now present, and of the lower cybersecurity budgets they commonly have access to. This makes them an easy target for hackers who can access valuable data without some of the obstacles that are common in larger organizations, many of which have a dedicated cyber security team and more resources to deploy the latest threat detection and prevention technology.

SMBs need to understand that not only are they likely to face a ransomware attack but that the impact of any attack could have a disproportionately greater effect on them compared to larger organizations.

In other words, while the financial cost of a ransomware attack may be far greater for a large enterprise, it has the resources to recover, whereas for an SMB an attack could put it out of business overnight.

How are attacks instigated?

Ransomware is most commonly distributed through phishing emails which rely on catching someone at a busy moment and enticing them to make an ill-judged decision. Hackers will commonly use a trusted brand or spoof the email address of a colleague to give the message credibility. Threat actors will then ask the victim to click on a fraudulent link which can deploy ransomware. Other techniques may involve social engineering, whereby the hacker gathers information about a victim in order to build a relationship with them to obtain their login credentials which the threat actor can then use to launch an attack.

Most smaller businesses will have some form of endpoint protection for their laptops, servers and desktops but often IoT devices like security cameras will not be protected. With more people using their personal mobiles and iPads for work, how many of these have any form of mobile security deployed on them? Not many, with a recent report finding that 80% of all BYOD in a company are not managed. 

It only takes one device, whether it’s a mobile phone, tablet, or laptop, and only one employee to download a malicious file or click on a fraudulent link, and the entire corporate network is up for grabs. Before you know it, ransomware is deployed, you are locked out of your systems, unable to trade, and customer privacy is lost. As a result, it’s important for SMBs to engage with their staff and make them aware of the risk, to reduce the likelihood of falling victim to a scam.

How can SMBs protect themselves?

It all starts with improving resilience. First, all organizations should be on top of security patches and rolling those out across all employees and devices as soon as they become available. Any delay could be a window of opportunity for a cybercriminal. It’s critical that internal processes are improved so that these updates can be done quickly and efficiently. Second, make sure that backups are in no way connected to the main server. Often companies are lulled into a false sense of security because they have a backup somewhere, but in many cases, they are saved on the same server as all of their other data, meaning it will all become available during an attack. Instead, organizations should have a completely isolated, off-site network backup so when they are recovering from a ransomware attack, employees can access key files that allow them to continue with day-to-day operations.

As budget can often be an obstacle for SMBs, it should be a priority to reduce the number of solutions in place and consolidate to a single platform or vendor before looking to implement any new technologies. This is because organizations are often reliant on a number of third-party suppliers to protect different areas of their business, adding duplicate defenses unnecessarily.

Reducing the number of vendors involved will cut down total cost of ownership (TCO), reduce the attack surface and provide a unified view of the entire network, so it’s easier to spot any unusual activity.

Period of Change

Ransomware is a growing problem and is showing no signs of slowing down. As a result, SMBs need to be preparing now before an attack occurs. As they begin to plan for this new period of change, it’s important that they don’t treat their cybersecurity strategy as a one-off. It needs to be agile so that it can adapt as the threats change.

The methods hackers use are constantly evolving and as such businesses need to be prepared to change their approach at the same rate. It is essential that this becomes a priority for every SMB because any delays can result in a devastating outcome.

Muhammad Yahya Patel is a Security Evangelist at Check Point    
