Hackers Still Target the SMB Market

Researchers say it is estimated that more than 70 percent of cyberattacks target small businesses, many resulting in the demise of the business.

Small and midsize businesses (SMBs) are often easy targets for hackers.  A smaller company, with a limited cyber threat defense budget, is less likely to use the multi-layered defenses that block hackers in today’s cyber environment.  SMBs often think they are protected with one layer of security, such as a firewall, anti-virus, or a simple backup.  In all honesty, there is no single solution for 100% protection.  The key to a robust cyber resilience strategy is to layer all these solutions to protect a company from multiple threat vectors and multiple points of vulnerability.

Another area where businesses tend to fall short is security awareness training.  The single greatest cybersecurity weakness is the user.  Many employees do not know how to identify suspicious activity like phishing links or scams.   This is because they do not know what to look for or what could be suspicious activity.  As cyber actors have become more successful, some hackers specialize in breaching specific business types or industries, refining their expertise with each new attack.

All businesses are targets for cyber actors.  Some industries are targeted more frequently than others.  Finance and healthcare are especially attractive targets because of the value and sensitive nature of the data they store.  The types of businesses that hackers are increasingly targeting include:

Managed Service Providers:  MSPs house valuable data for multiple customers across many industries, which makes them desirable targets.  Hackers use a technique known as “island hopping,” in which they jump from one business to another via stolen login credentials.  MSPs and their SMB customers are both potential targets of these attacks.

Healthcare organizations: Hospitals, physical therapy offices, pediatricians, chiropractors, and other healthcare practices are easy targets for cybercrime because they can have such chaotic day-to-day operations and often lack solid security practices.  Medical data and research are extremely valuable, which is why the US has the Health Insurance Portability and Accountability Act (HIPAA) of 1996.  Criminal hackers do not care about laws; they are hackers.  Patient records alone can sell for up to $1,000 or more on the dark web.

Government agencies: There are many reasons that cybercriminals, particularly state-sponsored terrorists, might target local and national governments. Small governments and local agencies generate terabytes of sensitive information, while large governments can be victims of nationwide disruption, either for financial gain or sheer destruction.  Regardless of size, local, state and federal systems are often connected via procurement and grant sharing fund networks.  Small city governments nearly always must pay ransomware demands if their city services are in jeopardy and lives could be at risk.

Financial Institutions:  Banks, credit unions, and other financial institutions have long been targets for hackers due to a wealth of data AND money.  In 2018, over 25 percent of all malware attacks targeted banks, more than any other industry.  Recently, automation has further enabled cybercriminals to run advanced attacks on financial institutions.  Remember the quote from the infamous bank robber Willie Sutton when asked why he robbed banks?  He said, “I rob banks because that is where the money is.”  The same holds true for criminal hackers.

Celebrities, Politicians, and High-profile Brands:  Hackers, who are usually politically, economically, or socially motivated, like to seek out politicians, celebrities, and other prominent organizations as targets.  They may even attempt to embarrass public figures or businesses by stealing and disseminating sensitive, proprietary, or classified data to cause public disruption or for private financial gain via blackmail.

If you have something hackers want, you are a target.  No one is immune.   Business data, bank account information, credit card numbers, and anything that could be considered personal, private or financial is especially valuable.  Hackers are intent on leveraging anything for a profit.  Protecting business data can be straightforward.

Here are a few tips that can help prevent a hacker from holding your data hostage:

Think like a hacker.  Cybersecurity awareness training with phishing simulations is a vital component of an effective protection strategy.  In fact, a recent report from Webroot showed that user training at frequent intervals (11 or more courses over a four- to six-month period) reduced clicks on phishing links by 65 percent.  Understanding hacker practices and motivations can help employees identify potential threats and thwart attacks.

Institute Consistent Policies:  With the proliferation of free online storage and file sync services, it is not unusual for an employee to store sensitive business files unencrypted in the Cloud.  This is very risky for businesses because there is no way to verify the security of these free services.  In addition, the passwords employees use to access these services are often far less secure than official company password policies.  This makes online storage services easy targets for hackers.  It is important for businesses to always maintain control over where critical business data is kept.   The only way to do this is to have consistent policies for storing company data in a manner that does not expose sensitive information to unnecessary risks.

Prevention, recovery, and resilience:  Being resilient in the face of cybercrime does not just mean having powerful, automated endpoint threat detection in place.  It also means having the ability to recover if an attack circumvents your perimeter security.  It is very important to develop and maintain a strong disaster recovery strategy (Continuity of Operations, or COOP) so you know you can keep systems online when there is a disruption to your business and services.  The best defense is preparation.  This means preventing attacks and planning your recovery proactively, so you can be ready to resume operations immediately at the first sign of trouble.

Hackers are always adapting their methods to catch victims when they least expect it.  Therefore, it is necessary to use a multi-layered approach to protecting your networks.  This includes advanced threat intelligence at the perimeter in the form of antivirus, security awareness training at regular intervals to strengthen your weakest link (employee users), and Cloud backup to ensure you always have access to the data that fuels your business.

Red Sky Alliance has been analyzing and documenting cyber threats for 8 years and maintains a resource library of malware and cyber actor reports. 

The installation, updating, and monitoring of firewalls, cybersecurity and proper employee training are keys to blocking attacks.  Please feel free to contact our Red Sky Alliance analysis team for research and cyber assistance, or for a demo on our RedXray and our Cyber Threat Analysis Center tools.

What can you do to better protect your organization today?

  • All data in transmission and at rest should be encrypted.
  • Proper data back-up and off-site storage policies should be adopted and followed.
  • Join and become active in your local Infragard chapter; there is no charge for membership: infragard.org
  • Update disaster recovery plans and emergency procedures with cyber threat recovery procedures. And test them.
  • Institute cyber threat and phishing training for all employees, with testing and updating.
  • Recommend/require cybersecurity software, services, and devices to be used by all at home working employees and consultants.
  • Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.
  • Ensure that all software updates and patches are installed immediately.
  • Enroll your company/organization in RedXray for daily cyber threat notifications that are directed at your domains. RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories including Keyloggers, without having to connect to your network.  Ransomware protection is included at no charge for RedXray customers.
  • Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments, or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com.

Interested in a RedXray demonstration or subscription to see what we can do for you?  Sign up here: https://www.wapacklabs.com/redxray     
