Two-thirds of SMBs have been hacked. How can you avoid being next?

SMBs are becoming a favorite target of cybercriminals. Nearly 70% of SMBs say they have suffered a cyberattack – and ransomware is one of the most common¹. With almost half of ransomware victims not aware they’ve been hit until too late (over 24 hours later)², having the tools and knowhow to prevent these threats is imperative. We’ve written this FAQ based on the most common inquiries we receive from SMBs on why they get attacked and which best practices can prevent the spread of computer viruses, keep their data safe, and help them avoid becoming a victim.

Q. Why are more and more cybercriminals attacking SMBs?

With most larger firms already having invested in advanced cybersecurity, smaller businesses are now bigger targets for cybercriminals. Similarly, SMBs often don’t have the awareness or IT manpower to deal with an attack – in fact, according to a survey, nearly 80% of SMBs targeted by ransomware attacks paid out a ransom. The survey also found that B2B firms are especially favored prey, with over half of them saying they’d been hit by ransomware³.

Why are SMBs unprepared? In our experience, it’s usually because they’re under the misconception that getting proper defenses in place will be too expensive or disruptive. Spending less on cybersecurity protection now means you’re likely to spend much more later, with ransomware attacks and intrusions occurring over and over again.

Q. What are hackers interested in at my company?

Their top priorities are simple: ransoms and your company’s data. And to get either of these, they need to first paralyze or infiltrate your system. Some types of information, like government ID numbers and credit cards, have either already been widely shared on the dark web or are now surrounded by difficult-to-penetrate protections. By contrast, SMBs are a treasure trove of data that can be exploited for identity fraud and similar crimes, such as information on financial transactions, travel history, purchasing activity, family members’ names, and identity credentials.

Q. How is my business vulnerable to attacks?

An employee opens an unsolicited attachment or follows a suspicious link; a company doesn’t frequently upgrade and patch its systems; a network is not segmented with different access authorization for each user group – these are what hackers exploit to get inside a network. Notorious ransomware like LemonDuck and REvil leverage technological vulnerabilities while those like Ryuk target people, utilizing phishing campaigns and highly sophisticated multi-level attacks.

The best policy is to trust nobody. When using any third-party service or dealing with a customer externally, set security policies to ensure these interactions don’t become attack vectors.

Q. We don’t have dedicated security staff or enough knowhow. What can we do?

Pre-pandemic, remote desktop protocol (RDP) and phishing were the two most common attack types, and work-from-home has only exacerbated these vulnerabilities. Even with the hiring of additional IT staff, ensuring your security appliances and services are up to date is essential to building effective defenses.

A VPN is one of the best ways to eliminate RDP attacks, but email or website phishing requires more sophisticated layers of protection such as IP and URL detection, endpoint antivirus, and email scanning. That’s also where staff training comes in. Cybercrime gangs like LockBit not only use advanced social engineering to convince employees to install malware on their computers but also recruit employees to breach corporate networks – so get your employees prepped and aware.

Q. What should I look for when picking security appliances and services?

Given the cunning, rapidly changing nature of ransomware, shop for devices that support multifactor authentication and network segregation. Next, ensure your security solution is easy to use for staff, always active, and constantly updated in real time. Services that support smart, automated technologies can make your security protection much easier, faster, and more precise. Cloud-based security is increasingly popular precisely because it keeps users always up to date in cyberthreat defense and prevention. Finally, consider utility: your solutions should provide monitoring and threat intelligence that are insightful while also being simple to understand and act on.

Five best practices for preventing malware attacks:

  1. Use advanced threat protection technology like sandboxing to scan emails, endpoints, websites, and external drives
  2. Regularly check accounts to identify abnormal activities in advance, and back up business data with copies on multiple storage devices, both online and offline
  3. Keep all computers and devices fully patched and up to date
  4. Only open files and follow links that are from trusted sources
  5. Separate and restrict employees’ administrative privileges and set strict access policies like multi-factor verification

Sources:

  1. https://www.keepersecurity.com/assets/pdf/Keeper-2018-Ponemon-Report.pdf
  2. https://mypage.webroot.com/rs/557-FSI-195/images/21Q3_C%2BW_Chapter%201_Ransomware_EB.pdf?sc=7013i000000ciZ9AAI
  3. https://www.infrascale.com/press-release/infrascale-survey-reveals-close-to-half-of-smbs-have-been-ransomware-attack-targets/