Four Reasons Hackers are Targeting Small and Medium Sized Businesses (SMBs)
by Steve Nice, SMLR Group
Larger organizations dominate the headlines when it comes to cybercrime, but it is the small and medium-sized business (SMBs) that are becoming the primary targets and are bearing the brunt of most attacks. 60% of all targeted attacks strike SMBs. In 93% of cases, it took attackers minutes or less to compromise systems and data exfiltration occurred within minutes in 28% of the cases.
Just this month a new report from the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) says that the last year “has been punctuated by cyber-attacks on a scale and boldness not seen before.” So, why are hackers targeting SMBs and what can they do to protect themselves from this growing spectre of cybercrime?
SMBs are low-hanging fruit – make yourself less easy to target with Unified Threat Management (UTM)
Smaller enterprises are generally quite complacent about security. Due to the size of their operations, they tend to assume they are safe from malicious attacks when in reality, it’s quite the opposite. Smaller businesses are more at risk of successful cyber-attacks than larger ones as they often lack the budget and expertise to implement effective cybersecurity strategies. A recent report by Barclaycard revealed that only 20% of organizations believe cybersecurity to be a top business priority, suggesting why they are a prime target for hackers.
These SMBs need to ensure that they remain one step ahead of cybercriminals, and should seek advice from cybersecurity professionals and invest in protection policies. Investing in and adopting Unified Threat Management (UTM) solutions will offer them better protection against the growing number of threat vectors.
SMBs can be the ‘gateway’ to larger organizations
Larger companies are often harder to penetrate as they have sophisticated security defenses in place. As many SMBs are connected electronically to the IT systems of larger partner organizations, it provides an inroad to the ‘big names’ and their valuable data. Hackers clearly go small to win big but if found to be the flaw in a large organization’s security defense, small businesses could suffer catastrophic reputational and financial damage.
SMBs are vulnerable to ransom requests – shore up your defenses and train your staff
SMBs are in a vulnerable position when it comes to cyber-attacks, in the sense that a ransomware request could put them out of business overnight. With their business at stake, victims of ransomware often feel they have no option but to acquiesce to such requests.
Arguably SMBs have no-one else to blame but themselves: by not keeping their employees abreast of security concerns and issues, they are leaving themselves vulnerable to ransomware and phishing. Node4 research reveals that the biggest internal threat to a business is the human element, through errors made by employees. Companies need to educate their staff on the evolving threat landscape and the potential threats of opening unsolicited email attachments, for example.
SMBs are vulnerable to the rise in CEO fraud – use alternate systems to dual-authorize
Businesses are also falling victim to the latest in a new generation of cyber-attacks, CEO fraud, with almost 40% of targets being SMBs according to Symantec research. CEO fraud involves hackers designing and sending a fraudulent email to an employee, posing to be the CEO of the company.
They use a domain name that appears similar to the target’s to scam the employee, with the email typically requesting sensitive company information or money transfers, which, of course, ends up in the hacker’s bank account.
By introducing dual authorization procedures, SMBs can detect CEO fraud quickly and easily, and can protect their organization from such attacks. Most SMBs have internal messaging tools, such as Slack or Skype for Business, that are more difficult to compromise. Companies should use such platforms to verify the authenticity of a payment request. Having a second pair of eyes overlooking the request can make all difference and could potentially save your business huge amounts of money.