There’s a cyber security myth that’s costing small businesses big bucks: SMBs aren’t the target of cyber threats. In reality, nothing could be further from the truth. One Verizon report notes that 58% of malware attack victims are small businesses. In order to be prepared, it’s important to understand some of the trends that are shaping cyber security today. Here’s a closer look at the 2019 landscape and what SMB leaders need to know.
Threats are becoming more sophisticated: Perhaps the biggest takeaway for SMBs, beyond the fact that they’re potential targets, is that the cyber security threat landscape is becoming more sophisticated. Attack loops are threats that lodge in your backup and get initiated when you try to restore data after a breach. With cryptojacking, criminals siphon power from victims’ computers to mine for cryptocurrency. The way that criminals are thinking about extracting value from their victims is changing—and as a result, small and mid-size businesses need to track, prepare for, and defend against a wider range of threats.
Phishing remains a problem, but gets more personal: Phishing attacks—where hackers use an email, link, or malware to gain personal information—continue. And, with the addition of social engineering and better technology, phishing is becoming more difficult to prevent. Social engineering occurs when hackers use a layer of human intelligence to make phishing attempts more believable. For example, they’ll review blog posts, social media accounts, and other public information, and then try to make a convincing effort to impersonate the person they’re researching—usually a higher-ranking colleague of their intended victims. These attacks, when combined with the psychological techniques of urgency that create stress on targeted employees, are more difficult to identify. At the same time, SMBs have access to better tools that are using AI, rules, and keyword-based tools to identify phishing attempts, social engineering, and more.
Fileless attacks expand: When you think of a cyber security attack, you may think of clicking a link that downloads malware—or opening an infected attachment. These things still happen every day, but employee training and better tools have made them less effective. A new generation of so-called fileless attacks are becoming more common. A fileless attack leverages a legitimate application—or even your operating system—against you, often by exploiting a known vulnerability. If your team is late installing a system update or has fallen behind on patches, for example, that could leave you open to these attacks. Because a fileless attack doesn’t install anything on the computer, it’s more difficult to detect or prevent with traditional methods like anti-virus software.
Social media extortion rises: Increasingly, SMBs are struggling with attacks on social media channels. Hackers create social media accounts designed to look authoritative, and then threaten brands that they’ll release fake but deeply damaging news unless a ransom is paid. This type of extortion is hard to combat. It can be difficult to get the offending accounts taken down. Even if the information in question is 100% false, the risk of brand damage, false media coverage, or harming customer relationships carries significant weight with businesses.
Security design and technology investments converge: In some cases, SMBs have had individual cyber security solutions in place or have ad hoc solved specific threats when they arise. To respond competently to the range of threats facing businesses, SMBs are investing in strategic security process design. Once it’s clear what issues have arisen, technology investments can be made to help support the processes and fight the biggest risks.
The Bottom Line: What’s an SMB To Do?
As an SMB, it’s easy to look at the state of cyber security and feel overwhelmed. After all, you’re probably operating with a lean IT team and a limited cyber security budget. The good news is that there are better tools on the market than ever before. An array of solutions—from specific tools like email security solutions, to fully managed cyber security suites—can keep you protected. Should a breach occur, services like Disaster Recovery as a Service can help your brand get back online and mitigate the damage quickly.
As each year passes, the cyber security landscape quickly evolves. With that reality, SMBs need to keep a pulse on fast-changing threats and put plans in place to proactively protect their data. No matter what industry you’re in or your current technology setup, considering ways to improve your cyber security solutions is an important investment that can pave the way for a secure future.