Cyberattacks on Small to Medium-sized businesses (SMBs) are continuing at a relentless pace for 2020, with most data breaches coming from outside the organization. Cyber-attacks are up and average 75% since the Corona pandemic. Cybersecurity analysts believe hackers are specifically targeting these smaller firms because they know SMBs lack adequate resources and enterprise-grade security tools, making them easier prey than larger businesses.
A new report from Cisco counters this misconception. SMBs have made significant strides enhancing their security protocols and are closing the gap with their bigger counterparts. Cisco notes 87% of SMB business owners rank security a top priority, and more than 99% have a dedicated resource focusing on security.
SMBs are also becoming more diligent about defining metrics to assess their security effectiveness and implementing security controls and tools at rates like large enterprises. The development of security solutions developed specifically for SMBs is supporting this trend. Security technical services providers, such as Red Sky Alliance, are now offering affordable services that cover multiple attack vectors, making it easier and more cost-effective for SMBs to improve their defenses. And keep the attackers out of their networks before they can breach them.
The increased focus on security and better implementation of cybersecurity solutions among SMBs are certainly positive developments. With enterprise-level protection now available to literally any size organization, the threat can be dramatically minimized for any size organization. Even with improved technology to reduce threats, the human factor is still a significant concern; one single misstep by an employee can cause a breach that leads to a major security incident. To achieve a truly effective security posture, SMBs must put systems in place to minimize human error that can turn a mistake into a security disaster.
The Psychology of Human Error
The truth is: humans make mistakes. Added to the normal daily stress, we have a pandemic in full force. A recent study found that 88 percent of data breaches can be linked to human error. That does not necessarily mean that humans are the only "weak link" in your organization's security, but it is important to understand how and why they make these all-too-human errors. As the study notes, employees have psychological reactions to stimuli and judgment that make them likely to commit errors and be susceptible to manipulation.
Hackers use social engineering attacks like phishing to take advantage of these human tendencies, cleverly manipulating users into giving up sensitive information or downloading and running malware onto their work devices. Even lower-skilled hackers carefully disguise these phishing emails to circumvent security measures like spam filters, with requests for sensitive data or access often appearing to come from a trusted colleague. Because we have little resistance to following our colleagues' requests, it is possible for a normally security-savvy team member to click on a malicious link or send sensitive information that has been requested by a higher-level employee as required ASAP. Covid-19 has been the subject line of many phishing emails this year.
Any seemingly innocent clicks can make ransomware a growing threat; take the recent cyberattack that successfully disrupted Garmin Connect, flyGarmin, and Garmin Pilot, resulting in days-long outages. Garmin reportedly paid the multimillion-dollar ransom to restore functionality across their network of users.
Massive attacks like these are the ones that get media mileage, yet SMBs are not immune. Almost half (46 percent) of SMBs have been targeted by ransomware, and nearly three out of four victims have paid a ransom to restore control of their systems.
Addressing the Issue
There is a critical need to adopt technical solutions that protect vulnerable areas where humans interact with possible risks. For example, installing security solutions on each workstation, especially with so much of the world's business being done remotely can protect against attacks that could occur over the course of a typical workday. Services such as Red Sky Alliance’s RedXray cyber threat notification service can alert these attacks on employees’ computers working from home. A big step for the future of telecommuting and employees who are not interested in returning to an in-office environment.
The human element must be considered when assessing any security strategy. Staff education and training are crucial. Team members must know how to use the organization's technical resources securely and properly. At the same time, cyber threat managers must be able to recognize social engineering attacks or dubious networks and devices. Frequent real-time training and phishing testing can help develop this security-first mindset. No one wants to be caught doing something stupid by the “Phishing Police.”
SMBs can now access enterprise-strength security solutions at price points that are affordable, they can also take advantage of security apps and services that minimize human input into certain tasks. Credit card acceptance and processing of payments can be accomplished with no human intervention. An inexpensive credit card solution is to use a trusted third-party payment processor that allows customers to securely pay for orders and invoices without requiring human staff to access and handle customer financial data.
Committing to Improvement
Cyberattacks are part of today's business landscape; it is a threat as real as fire, theft, or any other possible loss. Regardless of their size, businesses are more focused than ever on making cybersecurity a priority for their organizations. This improvement in mindset, especially among SMBs is important. The availability of affordable tech solutions should enable more SMBs to secure their infrastructure.
Beyond these initial measures, SMBs must be more vigilant about managing the human element of security. Simple human error continues to present a very real risk. Training, automation, and using solutions that cover previous security blind spots will help develop that critical security-first mindset.
Red Sky Alliance has been analyzing and documenting cyber threats for 9 years and maintains a resource library of malware and cyber actor reports.
The installation, updating, and monitoring of firewalls, cybersecurity and proper employee training are keys to blocking attacks. Please feel free to contact our analyst team for research assistance and Cyber Threat Analysis on your organization.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com.
Red Sky Alliance can help protect with attacks such as these. We provide both internal monitoring in tandem with RedXray notifications on ‘external’ threats to include, botnet activity, public data breaches, phishing, fraud, and general targeting.
Red Sky Alliance is in New Boston, NH USA. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com
- Reporting: https://www.redskyalliance.org/
- Website: https://www.wapacklabs.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Comments