Small organizations frequently underestimate the threat of cyberattacks, often believing they are not at risk. Many hold this belief because they feel they "don't have anything worth stealing." If you are one of them, operating under the assumption that hackers won't bother with a small business like yours, you are exposing yourself to a lot of unnecessary risk. The networks of small and mid-sized organizations are not only targets in their own right; they are often seen as prime gateways to their larger, more lucrative business partners.
The outlook for cyberattacks on small organizations shows them continuing to grow in both frequency and severity. In the past year alone, 47% of small businesses experienced a cyberattack. Out of this group, 44% experienced more than one. According to Hiscox’s 2019 Cyber Readiness Report, the average cost of a cyberattack has jumped massively from $34,000 to just under $200,000 per single incident. These costs include: damage to data, stolen money, lost productivity, theft of intellectual property, compromised personal and financial data, embezzlement, fraud, disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.
So, what can small businesses do? The first step is to acknowledge that they are, in fact, a target. The second step is to increase their understanding of what attacks are most often perpetrated against small organizations and to focus their limited resources on protecting against them. While the topic of cybersecurity can surely be overwhelming, smaller organizations need to recognize the steps they can take to protect themselves from the most common types of attacks. The following are some of the most damaging threats facing small organizations:
Phishing
One of the most common methods of cyberattack is "phishing." The goal of phishing is to lure the email recipient into believing that the message is something they want or need. The email looks like a request from their bank or from someone within their organization, but it contains a malicious link or attachment. The element that distinguishes phishing is the form the message takes: the attackers masquerade as a trusted entity of some kind, often a real or plausibly real person, or a company the target might do business with. It is one of the oldest types of cyberattack, dating back to the 1990s, but it is still one of the most widespread. Over the years, phishing techniques have become increasingly sophisticated and therefore much harder to spot. Nearly every aspect of an email, even the display or "from" name, can be manipulated to trick a recipient into believing that they know who the email is coming from.
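The header-level checks a mail gateway or help desk can apply are easy to show in code. The following is an added example, not code from the original article or from Advanced Network Systems; the trusted-domain list, the sample messages and all domains (`.example`) are constructed. It flags a display name that claims a trusted organization while the real sender domain is untrusted, a sender domain one or two characters away from a trusted one, a Reply-To that diverts replies elsewhere, and urgency wording combined with a link.

```python
"""Flag common header-level phishing indicators in a raw email message.
Added example; trusted domains and sample messages are constructed."""
import email
from email import policy
from email.utils import parseaddr

# Constructed list of domains this organization legitimately receives mail from.
TRUSTED_DOMAINS = {"examplebank.example", "ourcompany.example"}


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _edit_distance(a: str, b: str) -> int:
    # Plain Levenshtein distance, used to spot look-alike domains such as examp1ebank.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def phishing_indicators(raw_message: str) -> list:
    """Return human-readable warnings for the message; an empty list means no header red flags."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    display_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = _domain(from_addr)

    # 1. Display name names a trusted organization but the real address domain is not trusted.
    for trusted in TRUSTED_DOMAINS:
        org = trusted.split(".")[0]
        if org in display_name.lower().replace(" ", "") and from_domain not in TRUSTED_DOMAINS:
            findings.append(f"display name '{display_name}' does not match sender domain '{from_domain}'")
            break

    # 2. Sender domain is a near-miss of a trusted domain (one or two edits away).
    for trusted in TRUSTED_DOMAINS:
        if from_domain != trusted and 0 < _edit_distance(from_domain, trusted) <= 2:
            findings.append(f"sender domain '{from_domain}' looks like '{trusted}'")

    # 3. Replies would go somewhere other than the apparent sender.
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    if reply_to and _domain(reply_to) != from_domain:
        findings.append(f"Reply-To domain '{_domain(reply_to)}' differs from From domain '{from_domain}'")

    # 4. Urgency wording plus a link is the classic lure.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    if "http" in text and any(w in text for w in ("urgent", "immediately", "suspended", "verify your account")):
        findings.append("body combines urgency wording with a link")
    return findings


# Constructed sample messages: one lure, one routine notice.
SAMPLE_PHISH = """From: Example Bank Support <security@examp1ebank.example>
Reply-To: collect@mail-drop.example
To: owner@ourcompany.example
Subject: URGENT: account suspended
Content-Type: text/plain; charset="utf-8"

Your account has been suspended. Verify your account immediately at http://examp1ebank.example/login
"""

SAMPLE_LEGIT = """From: Example Bank Support <alerts@examplebank.example>
To: owner@ourcompany.example
Subject: Your monthly statement is ready
Content-Type: text/plain; charset="utf-8"

Your statement for last month is available in online banking.
"""

if __name__ == "__main__":
    for name, sample in (("lure", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, phishing_indicators(sample))
```

None of these checks is proof on its own; the value is in combining them and in routing anything with two or more findings to a human before the link is clicked.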
Ransomware
A ransomware attack begins with the infection of a device with malicious software (malware). Ultimately, as the name suggests, ransomware locks and encrypts a victim's computer or device data, then demands a ransom to restore access. This can mean the loss of access to your most important data, documents, and financial and personnel records. In many cases, the victim must pay the cybercriminal within a set amount of time or risk losing access forever. And, since ransomware attacks are perpetrated by criminals, paying the ransom doesn't always ensure access will be restored. Every indication is that ransomware is still on the rise, with more than 4,000 new ransomware samples appearing every day. Ransomware is often distributed through phishing campaigns (see above) that use malicious attachments or infected web links to deliver its destructive payload.
Password Attacks
Even though we've all heard so much about the importance of strong passwords and password policies, password attacks are still a very relevant threat. There are three main categories of password attack. The first is a brute-force attack, where hackers continually guess at passwords (either manually or using automated tools) until they get in. Password guessing isn't always as difficult as you'd expect. When networks use weak authentication rules (they don't require long and complex passwords), an attacker only needs to find one weak password to gain access to a network.
The second is a dictionary attack, where a hacker uses a program or script to try to log in by cycling through combinations of common words. Where brute force involves systematically checking all possible combinations, a dictionary attack tries only those possibilities most likely to succeed, typically derived from a list of words.
Keystroke logging is a third popular technique, where a hacker uses a piece of software (malware) that gets installed on a user's device. Once installed, the malware tracks and records everything the user types, including login IDs and passwords. Stronger passwords don't provide much protection against keystroke logging, which is one reason that the use of multi-factor authentication (MFA) is on the rise.
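The two guessing attacks above (brute force and dictionary) are the ones a small organization can blunt with server-side controls alone. The code below is an added example, not code from the original article or from Advanced Network Systems; the word list, the account store and the timings are constructed. It pairs a password policy that rejects dictionary-derived passwords, including leet-speak and trailing-digit variants such as `Summer2019!`, with a per-account login throttle whose delay doubles after each failure, so automated guessing slows to a crawl while a legitimate user who mistypes once is barely affected.

```python
"""Defensive controls against online password guessing.
Added example; word list, account store and timings are constructed."""
import hashlib
import hmac
import os

# Constructed stand-in for a real dictionary/breach list (use a full list in practice).
COMMON_WORDS = {"password", "welcome", "summer", "letmein", "qwerty", "admin", "company"}
# Maps common substitutions back to letters so "P@ssw0rd" is judged as "password".
LEET = str.maketrans("0134$@!", "oieasai")
PBKDF2_ROUNDS = 100_000  # kept modest so the example runs quickly; raise in production


def password_problems(pw: str, min_len: int = 12) -> list:
    """Return the policy rules the candidate password violates (empty list = accepted)."""
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    # Strip trailing digits/symbols, then undo leet-speak, to recover the word the user started from.
    core = pw.lower().rstrip("0123456789!?.#*").translate(LEET)
    if core in COMMON_WORDS or any(w in core for w in COMMON_WORDS if len(w) >= 6):
        problems.append("built from a dictionary word")
    return problems


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def make_record(password: str) -> tuple:
    """Salted, slow hash for storage; the plaintext is never kept."""
    salt = os.urandom(16)
    return salt, _derive(password, salt)


class LoginThrottle:
    """Per-account throttle: from the `threshold`-th consecutive failure onward, the next
    attempt must wait 2**(failures - threshold) seconds, capped at `max_delay`."""

    def __init__(self, threshold: int = 5, max_delay: float = 900.0):
        self.threshold = threshold
        self.max_delay = max_delay
        self._failures = {}
        self._not_before = {}

    def required_delay(self, user: str, now: float) -> float:
        """Seconds the caller must still wait before `user` may try again (0 = allowed)."""
        return max(0.0, self._not_before.get(user, 0.0) - now)

    def record(self, user: str, success: bool, now: float) -> None:
        if success:
            self._failures.pop(user, None)
            self._not_before.pop(user, None)
            return
        n = self._failures.get(user, 0) + 1
        self._failures[user] = n
        if n >= self.threshold:
            self._not_before[user] = now + min(self.max_delay, 2.0 ** (n - self.threshold))


def attempt_login(store: dict, throttle: LoginThrottle, user: str, password: str, now: float) -> str:
    """Return 'ok', 'bad' or 'throttled'. Unknown users get the same answer and the same
    throttling as a wrong password, so account names cannot be enumerated."""
    if throttle.required_delay(user, now) > 0:
        return "throttled"
    record = store.get(user)
    if record is None:
        ok = False
    else:
        salt, digest = record
        ok = hmac.compare_digest(digest, _derive(password, salt))
    throttle.record(user, ok, now)
    return "ok" if ok else "bad"


if __name__ == "__main__":
    print(password_problems("Summer2019!"))
    store = {"alice": make_record("correct horse battery staple")}   # constructed account
    th = LoginThrottle()
    for t in range(8):
        print(t, attempt_login(store, th, "alice", "wrong-guess", now=float(t)))
```

The throttle keys on the account, not the source address, because guessing tools rotate addresses cheaply; pairing it with MFA, as the paragraph above recommends, also covers the keystroke-logging case that no password rule can.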
Zero-Day Attacks
Zero-day attacks happen when hackers exploit a previously unknown vulnerability in software or systems. The term zero-day may refer to the vulnerability itself, or to an attack that comes zero days after the vulnerability is discovered. When hackers develop malware designed to slip through the vulnerability before security fixes (patches) can be developed and distributed, they can use that malware to compromise untold numbers of devices or networks. These exploits can go undiscovered for months, or even years, until they are revealed and repaired. Because many antivirus solutions don't catch them, and because security patches, once released, are often slow to be applied, zero-day threats can inflict damage over the long term. For this reason, they are considered one of the most dangerous threats to small and mid-sized organizations.
Fileless Malware
Fileless malware refers to an attack technique that uses existing, allowed software applications (such as Microsoft Word, Excel, or PDF readers) and authorized protocols to carry out malicious activities. Unlike traditional malware, fileless malware sneaks in without using a traditional executable file as its first stage. Rather than relying on malicious software or executable file downloads, fileless malware hides in memory or other difficult-to-detect locations. It is written directly to RAM (the memory used to hold working data and machine code), where it executes a series of malicious actions. Because fileless malware doesn't write anything to disk, it leaves no immediate trace of its existence and thus avoids detection by traditional antivirus security. Like zero-day threats, fileless attacks are now considered one of the most dangerous threats to organizations, with reported incidents up some 265% in the first half of 2019.
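Because nothing lands on disk, the useful signal is who started what: a document application has no business launching a script interpreter, and an interpreter run with an encoded or in-memory command rather than a script file is a further tell. The following detection logic is an added example, not code from the original article or from Advanced Network Systems; the log line format, host names and command lines are constructed, and the base64 value is a placeholder rather than any real payload.

```python
"""Score process-creation events for the 'allowed application launches a script host'
pattern typical of fileless attacks. Added example; log format and contents are constructed."""
import re

# Document-handling applications that should never spawn shells or script hosts.
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "acrord32.exe"}
# Interpreters that can run code straight from the command line or memory.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Anything in this set being launched by a document app is suspicious on its own.
LAUNCH_TARGETS = SCRIPT_HOSTS | {"cmd.exe", "rundll32.exe", "regsvr32.exe"}
# Command-line markers of in-memory execution rather than a script file on disk.
MEMORY_MARKERS = ("-encodedcommand", "-enc ", "invoke-expression", "iex ", "downloadstring", "frombase64string")

# Constructed log format: one event per line.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) host=(?P<host>\S+) parent=(?P<parent>\S+) child=(?P<child>\S+) cmdline="(?P<cmd>.*)"$'
)


def parse_event(line: str):
    """Return the event fields as a dict, or None for lines that do not match the format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def score_event(ev: dict) -> tuple:
    """Return (score, reasons) for one event; each independent heuristic adds one point."""
    reasons = []
    parent = ev["parent"].lower().rsplit("\\", 1)[-1]
    child = ev["child"].lower().rsplit("\\", 1)[-1]
    cmd = ev["cmd"].lower()
    if parent in DOCUMENT_APPS and child in LAUNCH_TARGETS:
        reasons.append(f"{parent} launched {child}")
    hits = [m.strip() for m in MEMORY_MARKERS if m in cmd]
    if hits:
        reasons.append("in-memory execution markers: " + ", ".join(hits))
    # Heuristic: a script host with no -File argument and no script path is running code it was handed inline.
    if child in SCRIPT_HOSTS and "-file" not in cmd and not cmd.endswith((".ps1", ".vbs", ".js")):
        reasons.append("script host run without a script file on disk")
    return len(reasons), reasons


def find_suspicious(log_text: str, min_score: int = 2) -> list:
    """Return events scoring at least `min_score`, oldest first."""
    out = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if not ev:
            continue
        score, reasons = score_event(ev)
        if score >= min_score:
            out.append({"ts": ev["ts"], "host": ev["host"], "score": score, "reasons": reasons})
    return out


# Constructed sample: one document-launched encoded PowerShell, three routine events, one borderline.
SAMPLE_LOG = """\
2019-06-03T10:15:20Z host=PC07 parent=explorer.exe child=WINWORD.EXE cmdline="WINWORD.EXE /n invoice.docm"
2019-06-03T10:15:22Z host=PC07 parent=WINWORD.EXE child=powershell.exe cmdline="powershell.exe -NoP -W Hidden -Enc QUJDREVGR0g="
2019-06-03T10:16:01Z host=PC12 parent=explorer.exe child=powershell.exe cmdline="powershell.exe -File C:\\Scripts\\backup.ps1"
2019-06-03T10:17:45Z host=PC03 parent=AcroRd32.exe child=cmd.exe cmdline="cmd.exe /c start notepad.exe"
2019-06-03T10:18:10Z host=PC09 parent=services.exe child=svchost.exe cmdline="svchost.exe -k netsvcs"
"""

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit["ts"], hit["host"], hit["score"], "; ".join(hit["reasons"]))
```

The scoring is deliberately additive: the PC03 event (a PDF reader starting a shell) scores one point and would be worth a look in a quiet environment, while the PC07 event trips all three heuristics and should page someone. This only works if process creation with full command lines is being logged in the first place, which is the first thing to switch on.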
Man in the Middle (MitM) Attacks
In a normal electronic transaction, two parties exchange digital information with each other. Attackers who use the man in the middle (MitM) method intercept the communications between those two parties, either to eavesdrop or to divert the traffic traveling between them to a malicious site. Attackers might use MitM attacks to steal login credentials or confidential information, spy on the victim's activities, redirect funds, disrupt communications, or corrupt data. In a banking scenario, an attacker could see that a user is making an online funds transfer and change the destination account number or amount. The intrusion is carried out by installing malware that interrupts the normal flow of information, generally when one or more parties conduct transactions over an unsecured physical or Wi-Fi network. Because they often fail to encrypt traffic, mobile devices are particularly susceptible to this scenario.
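The banking scenario above fails because the message carries no integrity protection: whoever sits on the path can rewrite the amount or the destination account and the bank has no way to tell. The code below is an added example, not code from the original article or from Advanced Network Systems, showing the minimum that stops it: the customer's app and the bank share a key, the app attaches an HMAC over the request fields plus a timestamp, and the bank refuses any request whose tag does not verify or whose timestamp is stale (a replay). The key, account numbers and timestamps are constructed; in practice this sits on top of TLS, which also keeps the contents private.

```python
"""Tamper-evident transfer requests: HMAC over the canonical fields plus a freshness window.
Added example; key, accounts and timestamps are constructed."""
import hashlib
import hmac
import json
import time


def _canonical(fields: dict) -> bytes:
    # Both sides must serialize identically, so sort keys and drop whitespace.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def sign_request(key: bytes, fields: dict) -> dict:
    """Customer side: attach an authentication tag covering every field, including the timestamp."""
    tag = hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()
    return {"fields": dict(fields), "tag": tag}


def verify_request(key: bytes, request: dict, max_age: int = 300, now=None) -> bool:
    """Bank side: accept only if the tag matches the fields as received and the request is fresh."""
    fields = request.get("fields", {})
    expected = hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(request.get("tag", ""))):
        return False                      # any changed field invalidates the tag
    now = time.time() if now is None else now
    return abs(now - fields.get("ts", 0)) <= max_age   # reject replays outside the window


def tamper(request: dict, **changes) -> dict:
    """Models an on-path party rewriting fields without knowing the key (returns a copy)."""
    forged = json.loads(json.dumps(request))
    forged["fields"].update(changes)
    return forged


def process_transfer(key: bytes, request: dict, now=None) -> str:
    """What the bank does with an incoming request."""
    if not verify_request(key, request, now=now):
        return "rejected: integrity or freshness check failed"
    f = request["fields"]
    return f"executed: {f['amount']} from {f['from_acct']} to {f['to_acct']}"


if __name__ == "__main__":
    key = b"constructed-shared-key"                    # constructed; real keys are random and per-device
    ts = 1_560_000_000
    req = sign_request(key, {"from_acct": "ACC-1001", "to_acct": "ACC-2002", "amount": "250.00", "ts": ts})
    print(process_transfer(key, req, now=ts + 5))
    print(process_transfer(key, tamper(req, to_acct="ACC-9999"), now=ts + 5))
    print(process_transfer(key, tamper(req, amount="9250.00"), now=ts + 5))
    print(process_transfer(key, req, now=ts + 1000))   # the same valid request, replayed later
```

The timestamp alone does not stop a replay inside the five-minute window; a per-request nonce that the bank remembers closes that gap, and is the natural next addition.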
SQL Injection Attacks
For decades, web developers have been using structured query language (SQL) as one of their main coding languages. And, while it has been extremely helpful in fostering the growth of the internet, it is also a vector for malicious attacks. SQL injection is a type of attack that can give an attacker complete control over your web application's database by inserting arbitrary SQL code into a database query. A successful injection attack on your servers and sensitive information can let cybercriminals access and modify important databases, download files, and even manipulate devices on your network. SQL injections (SQLi) were first discovered in 1998, but they continue to plague web applications across the internet today.
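The fix for SQL injection is mechanical once the cause is clear: user input must travel to the database as a bound parameter, never be spliced into the SQL text. The following is an added example, not code from the original article or from Advanced Network Systems, using an in-memory SQLite database with a constructed customer table; it runs the vulnerable string-built lookup and its parameterized replacement side by side on the same inputs so the difference in behaviour is visible.

```python
"""Vulnerable string-built query beside its parameterized replacement.
Added example; schema, rows and inputs are constructed."""
import sqlite3


def setup_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT, tier TEXT)")
    con.executemany("INSERT INTO customers (email, tier) VALUES (?, ?)", [
        ("alice@ourcompany.example", "gold"),
        ("bob@ourcompany.example", "silver"),
        ("carol@partner.example", "gold"),
    ])
    return con


def lookup_vulnerable(con: sqlite3.Connection, email: str) -> list:
    # The user-controlled value becomes part of the SQL text, so it can change the query's logic.
    sql = f"SELECT id, email, tier FROM customers WHERE email = '{email}'"
    return con.execute(sql).fetchall()


def lookup_safe(con: sqlite3.Connection, email: str) -> list:
    # The value is bound as a parameter; the database never parses it as SQL.
    return con.execute("SELECT id, email, tier FROM customers WHERE email = ?", (email,)).fetchall()


def demo() -> dict:
    """Row counts returned by each lookup for a normal value and for a value containing SQL syntax."""
    con = setup_db()
    normal = "alice@ourcompany.example"
    hostile = "x' OR '1'='1"          # input that is SQL syntax rather than an email address
    return {
        "vuln_normal": len(lookup_vulnerable(con, normal)),
        "vuln_hostile": len(lookup_vulnerable(con, hostile)),
        "safe_normal": len(lookup_safe(con, normal)),
        "safe_hostile": len(lookup_safe(con, hostile)),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows} row(s)")
```

The vulnerable version returns every customer for the hostile input because the quote closes the string literal and the rest is evaluated as part of the WHERE clause; the safe version returns nothing, since no customer has that literal string as an email. Parameterization is the control; limiting the application's database account to the tables and operations it actually needs limits the damage when something is missed.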
Brand Cyber Extortion
While internet extortion schemes aren't new, brand cyber extortionists focus on posting thousands of negative reviews, replies, and fraudulent reports on sites where they can scare away customers. In this case, cybercriminals create ghost accounts on social sites like Facebook, Twitter, and Yelp to hijack an organization's brand and/or reputation. To make the attacks stop, the victim makes the demanded payment. Again, because we are talking about dealing with a criminal element, even if you make the payment, there's always a chance the attacks won't stop. Cyber extortion of a brand is a low-cost, high-impact attack. It puts the targeted organization on the defensive, leaving it to prove to the public that the negative reviews are fake. This type of attack is particularly challenging for small and mid-sized organizations to recover from, because they typically don't have a cybersecurity or social media team to quickly and effectively address the damage.
How to Effectively Address Security Threats
Each of these security threats can be used in an attack against your organization. The damage can range from account hijacking, data theft and financial loss, to a loss of reputation. Regardless of size, your organization doesn’t have to be under-protected and unprepared. Advanced Network Systems’ Managed Security Program provides the essential security protections used by larger corporations, at a price designed for small and mid-sized organizations.
Our Managed Security Services Program starts with a baseline security audit, vulnerability testing to identify gaps in your security, and remediation services to eliminate those gaps. From there, we provide ongoing protection against both known and emerging threats using 24/7 monitoring, expert threat detection and analysis, as well as alerting and response tools to mitigate damage if a threat is detected.
If you aren’t fully confident that your current security will keep your organization protected against the most common types of cyber threats, contact ANS.