Small and medium-sized businesses (SMBs) continue to be frequent targets of cyber attacks. These threats are getting more sophisticated and persistent because hackers and cyber criminals see SMBs as vulnerable, easy targets. According to the National Cyber Security Alliance, research found that small and medium-sized businesses that suffer a cyber attack are likely to be out of business within six months of the attack. It's not just money that's at stake. Public trust, employee morale and customer retention are just a few additional ramifications of falling victim to a cyber attack.
A substantial percentage of organizations experience a cyber attack coming from sites on the Internet. Humans have been fighting these threats, which come from a wide array of technical and social angles, since the Internet became the de facto standard for information. Today almost all harm incurred from a digital attack is self-inflicted and can be avoided, but a very advanced attack can often avoid human detection until it's too late.
Malware is one of the most prevalent threats to SMBs. However, malware is just one of the attacks businesses need to consider when securing networks, business data, and employees. Some of the most common cyber attacks small and medium-sized businesses face are:
Ransomware - This is the one that tends to get all the headlines: WannaCry, NotPetya and, more recently, Xbash are a few that have done some serious damage. In 2018 alone, ransomware costs are expected to surpass $8 billion. Ransomware is typically spread through phishing attacks, email attachments, infected websites and inadvertent malware downloads.
Phishing - Phishing attacks attempt to trick a person into clicking a link within a fake email or website so criminals can access a computer or network. A successful phishing attack can allow attackers to access private data, passwords, credit card information, social security and bank numbers. The weakest link in many organizations remains people; criminals know this, and that's why phishing is one of the most popular cyberthreats businesses face.
Malware - This is one of the biggest threats to small and medium-sized businesses. Malware, short for malicious software, is created to inflict damage on a network and/or gain access to that network and the digital devices attached to it. Most malware breaches network security because a person downloads an infected file by clicking on a bad link placed with nefarious intent by cyber attackers.
Social Engineering - Cyber criminals know the easiest way to gain access to a network or digital device via malware is to trick people into clicking a link. Social engineering is all about manipulating people into divulging private information or clicking an infected link. These days infected links are disguised by including them in convincing emails, unscrupulous websites, or even legitimate websites that have been infected themselves.
DDoS - Distributed denial of service (DDoS) attacks leverage the power of hundreds or even thousands of infected computers with the intent of crashing websites or entire networks. These groups of infected computers are known as a botnet or bot network. Typically the targets are businesses, but personal computers can be used en masse to execute a DDoS attack without their innocent owners even knowing it. If your machine is slow, randomly crashing or presenting error messages, it may be part of a botnet executing a DDoS attack.
Website Hijacking / URL Poisoning - A legitimate site can be compromised by hackers who have set it up to download malware to any device that connects to the site. This type of threat is especially dangerous since legitimate sites are most likely not on a blacklist; thus, this attack can go undetected for literally months. These attacks are quite sophisticated and could be leveraging cross-site scripting (XSS), URL poisoning or a handful of less common techniques to piggyback malware payloads onto existing downloads.
User-Initiated Website Visit - When a user visits a website and inadvertently downloads malware, it infects their endpoint system. This may also have implications for the network to which the device is connected. Sometimes even "safe sites" can be the conduit of malware-laced links, in situations such as website hijacking or URL poisoning. However, a clear majority of the time, this type of attack is caused by an unprotected endpoint device visiting a known unsafe site.
Email-Initiated Infections - These occur when a user clicks on an email attachment or a link in an email, either in error or thinking they are clicking on a legitimate link or attachment. The most sophisticated attacks are nicely formatted emails that look like they’re from a legitimate source. These legitimate-looking emails contain an enticing link that either collects personal data, downloads malware, or deploys a small “dropper” file which calls back to the command server for more instructions. If there is a layer of protection that stops this dropper from transacting with the server, downloading the malware, or completing the infection, the chances of the infection spreading become much more limited.
It's clear that growing businesses must make ongoing cybersecurity training a priority for all employees while establishing a multi-layered network security strategy. Proactively keeping employees safe online and using the latest threat intelligence to stop threats before and after they have entered the company network is more important than ever.