Small organizations still face a long list of security threats. These threats and vulnerabilities should be top of mind.
Big Factor- Cybercriminals are increasingly taking aim at smaller organizations. This puts small and midsize businesses (SMBs) in a tough spot. Faced with a long list of cyberthreats, they also are operating with smaller budgets and staff constraints, both of which can lead them to make poor security decisions.
Over the past year, Alert Logic has observed a “steady increase” in attacks and changes in attack methods affecting SMBs. An analysis of 5,000 attacks per day across its customer base from November 2018 to April 2019 reflected a variety of ways small businesses leave themselves exposed. Depending on the industry, SMBs typically invest less in security programs, says Jack Danahy, senior vice president of security at Alert Logic. Their weak spots can put them at risk.
“It is more likely that an attack focused at an older, unpatched vulnerability, or a relatively simple phishing attack, will find more success at these smaller organizations,” he explains. “So from my perspective, attackers are focusing on what they perceive as softer targets.” Danahy also says he has “no doubt” of a higher level of successful public attacks on smaller businesses.
As George Anderson, product marketing director at Webroot, points out, some of the threats SMBs face today are different from the security challenges they faced just a few years ago.
“I think the changes have been very dramatic,” he notes. As an example, he points to nation-state actors now targeting data SMBs hold. “That wasn’t very common four to five years ago,” Anderson explains, but activity has started to ramp up since it was first spotted back in 2016.
It’s imperative small businesses know how to maximize their limited security resources. To do so, they must be well-versed in the threats and vulnerabilities putting them at greatest risk. While it’s possible to have the same security as large firms, different steps need to be made. Reading up on SMB threats can help inform policies and procedures they should put in place.
Here, we outline the attacks SMBs should be aware of and the vulnerabilities putting them at risk. Did we miss anything? Feel free to add your thoughts in the comments.
Big Attacks Prey On Weak Targets
Malware campaigns like WannaCry and Emotet are equal-opportunity offenders, Alert Logic’s Danahy says, but they yield the most destructive results against SMB targets. New attacks are adept at identifying weaknesses, written to infect and spread laterally, and can quickly damage most of an SMB’s network.
“So while the attacks may be common, the constrained security resources of the SMB make the attack more likely to succeed, and the limited scale of the estate makes it more likely that the attack will have serious and visible consequences,” he explains.