With each year that passes, cybercrime tactics and weaponry continue to advance, and cybersecurity defenses struggle to keep pace. As we approach National Cybersecurity Awareness Month, we are especially cognizant of the importance of staying up to date with best practices to keep businesses secure.
After all, there were over 37,700 ransomware attacks every hour around the world last year, and ransomware is only one of the threats businesses faced then and continue to deal with every day this year.
For small businesses, the situation is especially dire. According to a study conducted jointly between Cisco and the National Center for the Middle Market, over 50% of small businesses have no cybersecurity strategy or plan in place, and for those that do, most have not reviewed the plan in over a year.
Once a cybersecurity strategy and plan has been created and adopted, it must be reviewed at least annually to ensure that current threats are accounted for.
Cybersecurity is not a one-and-done solution; the threat landscape evolves rapidly, and frequent reviews keep the plan effective at reducing an organization’s cyber risk. That is why you need to know the greatest threats to your business and plan against them.
The Threats You Face
Understanding The Enemy
Many kinds of people threaten small businesses; both employees and external malicious third parties can cause damage. To understand the attack vectors that can be used against a given small business, owners and managers first need to understand those who wield them.
- Disgruntled Employees: Employees who are dismissed, or feel they have been mistreated by their employers may use their remaining authorized access to compromise business data.
- Human Error: An unaware employee can inadvertently delete a critical file or download dangerous malware by accident, putting the entire business at risk.
- Thieves & Corporate Espionage: A suitably motivated (or bribed) employee may be persuaded to steal proprietary and sensitive data and share it with your competitors.
- Organized Attackers: Groups with a shared agenda and the resources to pursue it, including:
  - Terrorists: Cyberterrorism has been on the rise in recent years, with organized groups targeting sensitive US organizations to cause disruption rather than for profit.
  - Hacktivists: Politically motivated attackers who target organizations, including startups and government contractors, to expose or disrupt operations that clash with their political stances.
  - Nation-State: Attacks sponsored by a foreign government are uniquely dangerous because they are executed with far greater resources, and with near-total immunity from prosecution, compared to garden-variety, US-based hacks.
- Black Hat: The conventional type of hacker, who breaks into business networks to steal data for financial gain or to disrupt operations.
- White Hat: This type of hacker works with businesses, with their permission and under controlled conditions, to break into their systems and identify vulnerabilities that need to be addressed.
- Gray Hat: A middle ground between the other two. Gray hat hackers break into business systems without the owner’s knowledge or permission, then inform the owner of the vulnerabilities they found and expect a reward for doing so. Owners who refuse to pay risk having those vulnerabilities posted online.
- Amateurs: Hobbyists who poke around businesses’ defenses in search of an easy way in. For the most part, they engage in hacking to learn new skills and pass the time.
Common Cybercrime Attack Vectors & Scams
The best way to defend against modern cybercriminal tactics is to understand how they work. No one defensive solution can keep a business protected on all fronts — comprehensive cybersecurity is a matter of knowledge and tools.
The following are the key threats small businesses face today:
- Social Engineering: Attackers keep relying on the same manipulation tactics because users keep falling for them without learning the skills needed to recognize them. The greatest cyber threat most businesses face today is not an attacker exploiting a software vulnerability; it is an attacker exploiting their staff. By manipulating employees into sharing sensitive information such as usernames and passwords, attackers gain access to valuable data, and it is costing businesses a great deal of money.
- Denial-of-Service/Distributed Denial-of-Service (DoS and DDoS) Attacks: This method floods a business’s systems or Internet connection with more requests than they can handle, so legitimate users see slowdowns and outages. In the distributed form the traffic comes from many compromised machines at once, which makes it far harder to filter at the source.
- Internet-Facing Vulnerabilities: Any system connected to the Internet is at risk; that includes business networks, remote users with VPNs, cloud applications, and everything in between. Cybercriminals target these systems looking for unpatched and out-of-date infrastructure, as well as exposed Remote Desktop Protocol (RDP) connections. Protecting against these threats means implementing a vulnerability management program: keep an inventory of what is exposed, patch on a schedule, and take services such as RDP off the public Internet (behind a VPN with multi-factor authentication) when they do not need to be there.
- Exploited System Administration Tools: As networks grow and systems become ever more connected, abuse of legitimate administration tools (often called living off the land) has become more dangerous. Tools such as remote-management agents, PowerShell and other scripting hosts are already installed and trusted, so once a cybercriminal has access to them, they can move between systems and deploy malware without dropping an obvious new executable, which makes the activity hard to distinguish from routine administration.
- Ransomware: Datto recently released its Global State of the Channel Ransomware Report, developed from statistics reported by over 1,400 survey respondents. 85% of MSPs report ransomware as the most common malware threat to SMBs, and on average 1 in 5 businesses report being the victim of a ransomware attack.
- Phishing: This is the practice of sending fraudulent emails that resemble emails from reputable sources. The intent is to get the target to do something (open an attachment, click a link, give sensitive data like credit card numbers and login information). It’s the most common type of cyber attack.
- Zero Day Hacks: This method exploits a security vulnerability before the software vendor knows about it or has released a fix (the vendor has had “zero days” to patch it), so at the time of the attack no update exists that would block it.
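As an added example (not part of the original article), the following Python script shows the kind of automated check a mail gateway or help desk can run on a suspicious message before anyone clicks: it flags look-alike sender domains and mismatches between the From, Return-Path and Reply-To headers, which are the most common tells of the phishing and social-engineering mail described above. The trusted-domain list, the homoglyph table and both sample messages are constructed for illustration.

```python
"""Phishing triage: flag look-alike sender domains and sender-header mismatches.

Added example, not code from the original article. The trusted-domain list,
homoglyph table and sample messages below are constructed for illustration.
"""
from email import message_from_string
from email.utils import parseaddr

# Hypothetical allow-list of domains this business legitimately receives mail from.
TRUSTED_DOMAINS = {"onsitelogic.com", "microsoft.com", "paypal.com"}

# Character swaps commonly used to build look-alike domains (a subset, for illustration).
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "vv": "w", "rn": "m"}


def normalize_domain(domain: str) -> str:
    """Lower-case and undo common substitutions, so that 'paypa1.com' and
    'rnicrosoft.com' compare equal to the brands they imitate."""
    d = domain.lower().strip()
    for fake, real in HOMOGLYPHS.items():
        d = d.replace(fake, real)
    return d


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (iterative dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain: str, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain that `domain` imitates, or None when it is
    trusted itself or not close to anything on the list."""
    if domain.lower() in trusted:
        return None
    norm = normalize_domain(domain)
    for t in trusted:
        if norm == t or edit_distance(norm, t) <= 2:
            return t
    return None


def _name_and_domain(header: str) -> tuple[str, str]:
    """Split an address header into (display name, lower-cased domain)."""
    display, addr = parseaddr(header or "")
    return display, addr.rpartition("@")[2].lower()


def triage_message(raw: str) -> list[str]:
    """Run sender-header checks on one raw RFC 5322 message; return findings."""
    msg = message_from_string(raw)
    display, from_domain = _name_and_domain(msg.get("From"))
    _, return_domain = _name_and_domain(msg.get("Return-Path"))
    _, reply_domain = _name_and_domain(msg.get("Reply-To"))
    findings = []

    target = lookalike_of(from_domain)
    if target:
        findings.append(f"From domain '{from_domain}' imitates trusted domain '{target}'")
    # Return-Path is the envelope sender the delivering server really used; a mismatch
    # with From is normal for mailing lists but suspicious for a brand's own mail.
    if return_domain and return_domain != from_domain:
        findings.append(f"Return-Path domain '{return_domain}' differs from From domain '{from_domain}'")
    # Replies silently redirected to a third domain are a classic invoice-fraud tell.
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain '{reply_domain}' differs from From domain '{from_domain}'")
    # A display name that name-drops a trusted brand while the address is untrusted.
    if from_domain not in TRUSTED_DOMAINS:
        for brand in (t.split(".")[0] for t in TRUSTED_DOMAINS):
            if brand in display.lower():
                findings.append(f"Display name '{display}' mentions {brand} but the address is not from {brand}")
    return findings


# Constructed sample: look-alike sender, third-party envelope sender, redirected Reply-To.
SAMPLE_PHISH = """\
Return-Path: <bounce@mail-relay.example.net>
From: "PayPal Support" <service@paypa1.com>
Reply-To: <collect@mail-relay.example.net>
To: owner@onsitelogic.com
Subject: Action required: verify your account

Please log in within 24 hours or your account will be suspended.
"""

# Constructed sample: a legitimate internal message for comparison.
SAMPLE_LEGIT = """\
Return-Path: <support@onsitelogic.com>
From: "Onsite Logic Support" <support@onsitelogic.com>
To: owner@onsitelogic.com
Subject: Your ticket has been updated

We have applied the patch you asked about.
"""

if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, triage_message(sample) or ["no findings"])
```

The homoglyph table and the edit-distance threshold are deliberately small so the script errs toward flagging; a finding is a reason for a human to look, not a verdict, and a message with no findings can still be phishing (for example when the attacker controls a freshly registered domain that imitates nothing on the list).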
Detection Is Just As Important As Protection
You cannot just passively protect your IT assets and expect to stay safe. Effective cybersecurity also requires active monitoring of incoming threats.
Key components of your detection capabilities include:
Antivirus software is used in conjunction with a firewall to provide defense against malware, adware, and spyware. Each of these categories of malicious software has the potential to do immense damage to internal processes and a company’s reputation.
The job of antivirus software is to spot, block, and isolate intrusive, malicious applications so they can’t do damage to your data and legitimate software.
Antivirus is installed on each device (known as endpoint protection) and is designed to detect and block a virus or malware before it takes root on a user’s computer or, worse, spreads to a network the computer is connected to.
Network-level defenses such as a firewall should be used in combination with antivirus software to defend against common malware threats.
Security event monitoring is the practice of monitoring IT systems (through both automated tools and manual oversight) to identify potentially dangerous events and address them before they become serious threats.
Intrusion Detection & Prevention
An intrusion detection system (IDS) further improves event monitoring by inspecting network traffic or host activity for the signatures of known attacks and for suspicious patterns, and raising an alert when it finds one; an intrusion prevention system (IPS) can additionally block the offending traffic.
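As an added example (not code from the original article or from any product it mentions), the following Python script applies the idea of scanning for known security events to the abuse of built-in administration tools described earlier in this article: it reads process-creation records and raises a finding when an Office application spawns a script host, when PowerShell runs an encoded or hidden-window command, when volume shadow copies are deleted, or when remote-execution tools appear. The log records are constructed in the shape of Windows Security event 4688 with command-line auditing enabled, and the rule set is illustrative rather than complete.

```python
"""Detecting abuse of built-in administration tools in process-creation logs.

Added example, not from the original article or any vendor product. The records
below are constructed in the shape of Windows Security event 4688 (process
creation with command-line auditing); the rules are illustrative, not complete.
"""
import base64
import json
import re

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
REMOTE_ADMIN_TOOLS = {"psexec.exe", "psexesvc.exe", "winrs.exe"}

# PowerShell accepts any unambiguous prefix of -EncodedCommand (-e, -ec, -enc ...).
ENCODED_CMD = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]+)", re.I)
EVASION_FLAGS = re.compile(r"-w(?:indowstyle)?\s+hidden|bypass", re.I)


def decode_powershell(b64: str) -> str:
    """-EncodedCommand payloads are base64 of UTF-16LE text; show the analyst what ran."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return "<undecodable>"


def check_event(ev: dict) -> list[tuple[str, str]]:
    """Apply the rules to one process-creation record; return (rule, detail) pairs."""
    parent = ev.get("parent", "").lower()
    image = ev.get("image", "").lower()
    cmd = ev.get("cmdline", "")
    hits = []
    # Office documents have no business launching script interpreters; macros that
    # drop into PowerShell or cmd are one of the most common initial-access patterns.
    if parent in OFFICE_APPS and image in SCRIPT_HOSTS:
        hits.append(("office-spawned-script-host", f"{ev.get('parent')} launched {ev.get('image')}"))
    if image in {"powershell.exe", "pwsh.exe"}:
        m = ENCODED_CMD.search(cmd)
        if m:
            hits.append(("encoded-powershell", "decoded: " + decode_powershell(m.group(1))))
        if EVASION_FLAGS.search(cmd):
            hits.append(("powershell-evasion-flags", cmd))
    # Deleting volume shadow copies destroys the local restore points; ransomware does
    # this before encrypting, and it is almost never legitimate outside backup jobs.
    if image == "vssadmin.exe" and re.search(r"delete\s+shadows", cmd, re.I):
        hits.append(("shadow-copy-deletion", cmd))
    # Legitimate remote-execution tools: fine for admins in a change window, worth an
    # alert when they show up on workstations or under an ordinary user account.
    if image in REMOTE_ADMIN_TOOLS:
        hits.append(("remote-admin-tool", f"{ev.get('image')} run by {ev.get('user', '?')}"))
    if image == "wmic.exe" and "process call create" in cmd.lower():
        hits.append(("wmi-remote-exec", cmd))
    return hits


def scan(raw_lines: str) -> list[dict]:
    """Parse JSON-lines records and return one finding dict per rule hit."""
    findings = []
    for line in raw_lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        for rule, detail in check_event(ev):
            findings.append({"ts": ev["ts"], "host": ev["host"], "user": ev["user"],
                             "image": ev["image"], "rule": rule, "detail": detail})
    return findings


# Constructed sample log: a macro document that spawns PowerShell, shadow-copy
# deletion, WMI and PsExec remote execution, and one benign PowerShell command.
SAMPLE_EVENTS = """\
{"ts":"2021-10-04T09:14:03Z","host":"WS-ACCT-01","user":"jdoe","parent":"OUTLOOK.EXE","image":"WINWORD.EXE","cmdline":"WINWORD.EXE /n invoice.docm"}
{"ts":"2021-10-04T09:14:11Z","host":"WS-ACCT-01","user":"jdoe","parent":"WINWORD.EXE","image":"powershell.exe","cmdline":"powershell.exe -nop -w hidden -enc SQBFAFgA"}
{"ts":"2021-10-04T09:20:45Z","host":"WS-ACCT-01","user":"jdoe","parent":"powershell.exe","image":"vssadmin.exe","cmdline":"vssadmin.exe delete shadows /all /quiet"}
{"ts":"2021-10-04T09:21:02Z","host":"WS-ACCT-01","user":"jdoe","parent":"cmd.exe","image":"wmic.exe","cmdline":"wmic.exe /node:SRV-FILE-01 process call create cmd.exe"}
{"ts":"2021-10-04T09:21:09Z","host":"SRV-FILE-01","user":"SYSTEM","parent":"services.exe","image":"PSEXESVC.exe","cmdline":"PSEXESVC.exe"}
{"ts":"2021-10-04T10:02:17Z","host":"WS-SALES-03","user":"msmith","parent":"explorer.exe","image":"powershell.exe","cmdline":"powershell.exe Get-ChildItem C:/Reports"}
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f['ts']} {f['host']} {f['user']:<7} {f['rule']:<28} {f['detail']}")
```

The benign last record produces no finding, which is the point of matching on parent process and command-line flags rather than on the tool name alone: PowerShell on a workstation is normal, PowerShell launched by Word with an encoded, hidden-window command is not. In a real deployment the same rules would run against the event stream from a SIEM or EDR agent rather than a file of sample lines.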
Threat monitoring is the practice of staying up to date on the latest cybercrime attack vectors. This is a key part of Cybersecurity Awareness Training and ensures your staff actively contributes to organization-wide detection processes.
The Limitations Of Perimeter Security
When we talk about perimeter security, we’re referring to the “Prevent” layer: in network security, that typically means a firewall and antivirus. This is where many small businesses stop with their cybersecurity initiatives.
Unfortunately, this is simply not enough to defend against modern threats. Case in point: the zero-day attack.
Some of the worst data breaches begin with zero-day exploits: attacks on vulnerabilities that the attackers found before the software’s developers did, so no patch exists when exploitation starts, the risk is severe, and the vendor has to rush out a fix.
A recent example of this type of attack is the Kaseya Ransomware attack. On July 2, 2021, a number of Kaseya VSA servers were used to deploy ransomware.
Kaseya VSA is a remote monitoring and management tool that IT managed service providers use to administer their clients’ systems. By design, such tools have administrative access to every system they manage, so a compromised VSA server can push code to all of them at once, which is exactly what made this breach so dangerous and damaging.
The Dutch Institute for Vulnerability Disclosure (DIVD) revealed it had alerted Kaseya to a number of zero-day vulnerabilities in its VSA software (CVE-2021-30116) that it said were being exploited as a conduit to deploy ransomware. The nonprofit entity said the company was in the process of resolving the issues as part of a coordinated vulnerability disclosure when the July 2 attacks took place.
Long-term consequences for affected businesses will likely include extensive data loss, long-lasting downtime, and high recovery costs. For example, a grocery store chain affected by the attack (Coop in Sweden) had to close 800 stores while it dealt with the infection.
The #1 Cybersecurity Measure That Business Owners Overlook
In addition to zero-day exploits, users can also render perimeter defenses meaningless. Did you know that more than 90% of cybersecurity incidents can be traced back to human error?
What your employees know about cybersecurity, and how securely they use IT, can directly affect the future of your business. If you’re breached, the cost can easily run to thousands, if not millions, of dollars.
You can’t expect a firewall and antivirus solution to keep you 100% secure. Cybercriminals know that the user is the gap in a business’s cyber armor, and that is where they aim.
That’s why cybersecurity awareness training is such a worthwhile investment. It turns your most dangerous weakness into a key strength.
Your Users Will Nullify Your Perimeter Defenses
The fact is that what you (and your staff) don’t know could hurt you. If your staff isn’t up to date on the latest cybercrime scams, then they’re putting your data at risk, simple as that.
Due to their level of access, an unaware or malicious employee can do a lot of damage:
- Users can be tricked or phished into handing over credentials and access
- Users with local admin rights can inadvertently install malicious software
- Internal bad actors can work to sabotage or bypass systems
Beyond protection and detection, you also have to consider how you’ll respond to an attack…
What Is Your Response Plan?
If you think you may have been the victim of ransomware, phishing, or another type of cybercrime, your first step is to get in touch with your IT support immediately.
If you haven’t already, don’t hesitate to hire professional cybersecurity experts. Hardening your systems against attacks and thereby making yourself a harder target for cybercriminals is absolutely critical.
Beyond that, make sure to follow these three steps:
Isolate The Damage
Your first move when an attack occurs is to isolate the affected computer from the network, both to cut off the attacker’s access and to stop it from reaching other machines.
Unplug the network cable from the tower or laptop and turn off its networking functions (Wi-Fi and any mobile data). Do this manually even if you have security software that claims to shut down the connection for you.
You may also need to shut down the computer to stop an attack that is still in progress, such as ransomware that is still encrypting files. Be aware, though, that powering off destroys evidence held in memory, so if IT support or an incident responder is available, disconnect from the network first and let them decide whether to power off. Ideally, your anti-virus and anti-spyware will stop the attacker before it gets that far, but you still need to remove the malware from the computer to protect it fully.
Resetting your passwords is also critical, and it must be done from a device you know is clean, not from the compromised computer. Create entirely new passwords, never reuse them, and turn on multi-factor authentication where it is offered. Don’t forget any accounts linked to the computer, including social media profiles, email accounts, online banking, and any other potential targets.
The incident response plan should detail how incident response is engaged and how the incident response team will communicate with the rest of the organization, with other organizations, and with law enforcement. It should also spell out the federal and local reporting and notification requirements that apply to your business.
This plan is necessary to clarify the roles and responsibilities of your employees so you can quickly mitigate risks, reduce the organization’s attack surface, contain and remediate an attack, and minimize overall potential losses.
A key consideration you may have already thought of is cybersecurity insurance. Have you managed to qualify for coverage yet?
You Can’t Ignore Cybercrime And Hope It Goes Away
In summary, there will never be a way to be 100% protected from an attack, or worse, an actual breach. However, by implementing the proper security measures, training, and constant re-evaluation of these security measures, the risk of being breached (or suffering extensive damages in the aftermath of a breach) can be dramatically reduced.
Get in touch with the Onsite Logic team to discover more about developing a proper cybersecurity defense.