Many criminals target small- to medium-sized businesses (SMBs) simply because they may not have the technological defences to protect themselves. A report from the Better Business Bureau shows that 87% of SMBs are aware that they are not safe from cybercrime. Despite this awareness, cyberattacks cost SMBs around £2 billion in 2017. This shows that smaller companies are still failing to secure their assets.
According to the Better Business Bureau report, 83% of SMBs employ antivirus solutions, and 80% use firewalls.
These solutions are good at detecting and safeguarding against known threats; however, attackers often take advantage of this. For starters, attackers know that IT departments in most SMBs lack the technical skill and specialised knowledge to properly configure these solutions. Attackers may also alter the code of their malware or raise the level of sophistication of their attack to bypass these safeguards.
Let’s look at some of their tactics:
Currently, thousands of strains of ransomware exist, and new ones are created every day. Once this type of malware infects a vulnerable computer on your network, it can spread to other computers, servers, and storage. Ransomware locks you out of the files on the infected machine using encryption, and then the criminal demands a ransom be paid in exchange for the decryption key. If it is not paid, the files are eventually destroyed. In some cases, the ransom goes up as time passes to create a greater sense of urgency and encourage early payment.
Nearly 500,000 UK businesses are being hit by impersonation fraud, according to estimates by Lloyds Bank, with the legal sector most at risk. Impersonation fraud, also known as CEO fraud and Business Email Compromise (BEC), is on the rise, warns the bank. SMBs falling victim to these exploits are losing an average of £27,000.
CEO fraud emails are sent to individuals in a business, typically directors or finance managers, usually someone with the ability to transfer money. The email is crafted to look as though it genuinely came from the person being impersonated and requests that an urgent payment or wire transfer be sent to a bank account. The bank account is actually set up by the criminals, and they make off with the money. According to the FBI, these types of attacks have cost businesses over $12 billion since 2013.
Have a look at this video for an overview: https://vimeo.com/287278592
Data breaches are the old standby for cyber-criminals. Attackers look for a weak spot in an organization’s defences and exploit it to gain access to network resources. Once inside, they can escalate the privileges of the compromised account and have free rein to explore their victim’s network for valuable information, such as:
- Intellectual property
- Personal data
- Customer data
- Financial data
- Resources to use for other attacks
Once attackers have compromised a network, they can go undetected for months, even years, and the cost to eradicate them can put an SMB out of business.
It’s difficult these days to find a business that doesn’t have a website or use a customer relationship application. Yet, although these tools are almost necessities, they are not the easiest to implement. Even something as easy as a WordPress site requires in-depth knowledge of server and software configuration to properly configure it against vulnerabilities. When software is not properly configured, upgraded, and managed, it can leave gaping holes for attackers to target.
Imagine if your customers could not access your website because it was down, and there was nothing you could do to bring it back up. Or if one of your business-critical applications was suddenly inaccessible to your employees, and nothing you did could restore their access. Criminals can cripple a business by launching distributed denial-of-service (DDoS) attacks, which bring down websites and other systems by using up so many resources that they overwhelm their targets and render them useless. DDoS attacks are no longer launched just for fun; they are now carried out for the purpose of ransom. You need people on your team to protect against these criminals.
The unfortunate reality is that none of these types of attacks require in-depth knowledge to carry out. Malware, DDoS tools, and phishing kits are sold inexpensively on the dark web. Anyone with access to them can successfully launch an attack with little chance of being caught if he or she follows the instructions. Conversely, it takes a great deal of knowledge and specialised skill to defend against them.
Simply installing antivirus software and a firewall won’t do the trick.
If you want to truly defend your business against modern-day threats, you need a team of security-minded professionals to do the job right. While most SMBs lack the resources to fight against these attacks, they can turn to a trusted IT partner to work with them to help bolster their defences and monitor their systems for malicious activity. By partnering with the right professionals, not only will you ensure that you’ve done everything within your power to prevent attacks, but also—if an attack is successful—you will be able to identify and stop it before any real damage is done.
We are a simple call away and happy to offer advice in any of these areas.