X-Industry

SMB’s Need to Prepare for Today and Tomorrow’s Cyber Threats

Posted by Jim McKee on October 16, 2020 at 2:49pm

8042433884?profile=RESIZE_400xSMB’s Need to Prepare for Today and Tomorrow’s Cyber Threats

The cybersecurity landscape presents new challenges at businesses - every day.  Please be aware of these 10 threats to help your business avoid a major attack or breach.  When it comes to securing your network, software, and data from potential attackers, Small to Midsize Businesses (SMBs) have numerous concerns.

Security for increasingly mobile and online-focused businesses is a multifaceted problem, especially for SMBs that lack the dedicated security staff expertise a larger enterprise can afford. SMBs cannot allow the lack of resources to curb their technology initiatives or they risk losing out to the competition.  While it might be harder to navigate the security landscape without an in-house cybersecurity expert, IT admins tasked with protecting their SMB can get the job done by paying particular attention to securing endpoints, encryption technologies, back-ups, and managing employee devices and permissions.

For SMBs, security risks exist both inside and outside the firewall.  The burden falls on both IT managers and business users to avoid compromising security practices and to remain wary of and proactive about common external threats.  The following are ten security risks SMBs face today, and the steps you can take to best mitigate them.

  1. The Pitfalls of BYOD

Mobile Device Management (MDM) is difficult enough when overseeing data access and permissions on company hardware.  But when employees start bringing in personal smartphones and tablets under a Bring Your Own Device (BYOD) policy, admin oversight grows exponentially more complicated.  Android and iOS devices now almost all include Enterprise Mobility Management (EMM) capabilities around app installation, configuration, and permissions.  But employees and managers should remain just as vigilant with proper security practices to accommodate for the element of unpredictable risks mobile devices bring with them.  These risks can include anything from a stray device compromising a company's Virtual Private Network (VPN) to a simple scenario in which an employee leaves their unlocked iPhone in a taxi.

The most efficient way of managing employee devices is to use a centralized security console to manage the BYOD policies of Android and iOS devices in one place.  These tools also include remote-locking and location mechanisms to prevent data compromise on lost or stolen devices.  Beyond the security solution, though, your SMB's BYOD policy should be clear and comprehensive.  That is, employees should know what types of data they should and should not store on mobile devices, be required to set up two-factor authentication (or biometric authentication) if the hardware supports it, and set the bar high when it comes to using complex passwords.

  1. Voice Recognition Exploits

Siri, Cortana, Alexa, Google Now, and the cadre of other Virtual Assistants are popular and common for users to interact with mobile devices.  Addressing business concerns over BYOD, security researchers have discovered a way for hackers to remotely control an iOS or Android device through its voice recognition services without saying a word.  If an iPhone or Android phone has Siri or Google Now enabled, hackers can use electromagnetic radio waves to trigger voice commands using a technique called remote voice command injection.  For SMBs, it is another attack vector through which organizational data can be compromised regardless of whether or not work or personal profile is loaded on the device.

The good news is that a comprehensive MDM solution will notice if the remote command triggers any sensitive data downloads and, with a quick verification ping to the device to determine whether or not the user is authorized, the IT admin can lock the device down.

  1. Cloud-Connected Incursions

Cloud storage is past the point where the cloud platforms are too new or not yet established enough for SMBs to invest in them.  It is nearly impossible for an Internet-dependent SMB to survive today without a reliable cloud platform for customers to access from wherever they are and on whatever device they are using, be it a managed private cloud deployment or a public cloud platform such as Amazon Web Service (AWS) or Microsoft Azure).   Cloud-based, brute-force and distributed denial-of-service (DDoS) attacks are a significant and pervasive threat that can result in countless, high-profile data breaches.

The most integral form of protection is end-to-end encryption.  There is no surefire level of encryption but Advanced Encryption Standard (AES) 256 is a generally accepted standard.  Even if your business data is housed within a secure virtualized environment such as AWS, do not rely on the public cloud provider alone.  A physical and virtual endpoint security solution that layers an additional level of encryption (while scanning for zero-day threats and other attacks) is a worthwhile security investment.

  1. Endpoint Shooting Gallery

Businesses are now storing personal, private, and identifiable data in public, private, and hybrid clouds.  This will cause the physical endpoints to be more vulnerable. Endpoints can mean anything from on-premises workstations and servers to the corporate networks that connect physical or virtual servers to mobile and embedded devices.  Through any available opportunity, hackers and malware can target employee and customer account and financial information, company payroll data, or intellectual property (IP) information regarding new projects and products core to your business success. To shore up those endpoints, there are several worthy software-as-a-service (SaaS) endpoint security solutions available. SMBs should look for a service that can protect all relevant physical machines and operating systems (OSes) across, Linux, Mac, and Windows, and one with the redundancy and scalability to eliminate single points of failure.

  1. Fortify the Firewall

Consider using more than one firewall.  Multiple, interlocking firewalls. Even in a more cloud-based and encryption-focused security landscape, firewalls are still an organization's most important line of defense to prevent malicious attacks. SMBs should deploy secure infrastructure with numerous levels and redundant systems, including a two-way firewall and an interconnected intrusion detection system (IDS) to monitor networks for suspicious activity, both inside and outside the firewall.

  1. All Kinds of Phishing

On average, your customers use far less careful security practices than your SMB and employees do.  Therefore, it is a lot easier for hackers to infiltrate your infrastructure through your customers, more specifically, the transactions that are always present in your relationship orders and payments.

Online banking and payment services are a prime target of malware and phishing campaigns, and a data breach could have ripple effects, not only for the customers and bank but for your business financials as well.  Before engaging a service, your SMB should vet each third-party banking and payment service, but it cannot be responsible for monitoring every single one.

There has been a marked increase in sophisticated phishing scams using Gmail and Google Docs.  Be aware of spearfishing attacks as well, in which customer support emails ask you to change credentials or are sent via fake email addresses to businesses asking for highly personal customer or employee data. The security service you choose should include a global threat intelligence network that uses continuous process monitoring and automated malware detection to mitigate and control any breaches that spill over into your system.

  1. Intruder Quarantine

If a particularly enterprising attacker does manage to get past your SMB's firewalls and through your advanced endpoint encryption, the most effective course of action is to triage the compromised files and cut off their air supply.  Your business security solution should be well-stocked with local and remote quarantine management for both on-premises servers and cloud storage. If an IT security manager is ready with his or her finger on the big red button, you can easily jettison the breached compartments on your SMB train and continue chugging along.

  1. PUAs for All

Potentially Unwanted Applications (PUAs), also known as Potentially Unwanted Programs (PUPs) or adware, are a particularly nefarious form of malicious file, and they are no longer confined to just PCs.  PUAs (and malware in general) are on a steady rise in Macs, so SMBs running entirely on Apple products are not immune from the malicious third-party downloads on which adware thrives.

While PUAs are not as critical a security vulnerability as other types of malware, the ad pop-ups divert attention away from the user flow your site intended and, in bulk, that can impact revenue.  PUAs are also a nuisance to delete and can take several tries using free adware removal tools or Mac and PC troubleshooting steps to finally remove.  To save your SMB the trouble, the security solution your SMB deploys should include PUA detection and remediation tools as part of its malware detection suite.

  1. A Crypto-Ransomware Hostage Crisis

Crypto ransomware has been devastating Android users for some time.  The ransomware locks devices with randomly generated encryption keys and extorts the users for larger and larger sums.  Crypto ransomware is growing more pervasive in complexity and sheer maliciousness, but the bigger problem is that newer strains have begun targeting SMBs.  Recently, the ransomware actors have begun posting private and embarrassing information on the web to encourage a speedy payment.   And often the key is still not provided after the ransom payment has been made.

  1. The Internet of Vulnerabilities

For SMBs, the Internet of Things (IoT) represents a massive network of connected office and industrial machines, embedded devices, and connected hardware and software around business operations (such as manufacturing, shipping, and warehouse management).  The biggest catch with IoT and the one giving SMBs pause is its significantly increased vulnerability to cyberattacks.

The IoT will be a part of all SMB’s in the future but deploying this sort of connected device and machine network should not be done without a holistic IoT security service in place to make sure that your team and network is prepared.  Every aspect of traditional infrastructure security ranging from firewalls and encryption to anti-malware detectors and centralized management should be in place and operational before an IoT network ever goes live.  The IoT introduces countless more endpoints for an SMB to keep secure and make sure each is encrypted and monitored.

Red Sky Alliance has been analyzing and documenting cyber threats for 9 years and maintains a resource library of malware and cyber actor reports.

The installation, updating, and monitoring of firewalls, cybersecurity, and proper employee training are keys to blocking attacks.  Please feel free to contact our analyst team for research assistance and Cyber Threat Analysis on your organization.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com.

 

For questions, comments, or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com    

 

 

[1] https://www.pcmag.com/news/todays-top-10-security-risks-for-smbs?amp=true

Views: 34
Tags: tr-20-287-001, mobile device management, voice recognition, cloud storage, end point, firewall, phishing, potentially unwanted applications (puas), ransomware, lot
E-mail me when people leave their comments –
Follow

You need to be a member of Red Sky Alliance to add comments!