Most Common Cyber Security Threats – Forbes Advisor
Editorial Note: We earn a commission from partner links on Forbes Advisor. Commissions do not affect our editors’ opinions or evaluations.
Cyber threats are notorious amongst billion-dollar companies, but they’re not alone. Small- and medium-sized businesses (SMBs) are also victims of the most common cyber threats—and in some cases, more commonly as SMBs tend to be more vulnerable with fewer security measures in place. In fact, last year, 1-in-5 breach victims were SMBs—with a medium-cost of losses at $21,659, according to the 2021 Verizon Data Breach Investigations Report.
While attacks may seemingly happen overnight, the majority take days, if not weeks or even months to be discovered. In return, highlighting one of the biggest challenges small businesses face when it comes to cybersecurity: awareness and available resources to defend against the threat actors. In order to overcome these challenges, the key is to know what you’re up against so we put together the top cyberthreats SMBs face.
In addition to good security practices and training to keep your data safe, it can be worth employing the assistance of third-party software and tools to added protection. For example, it’s advisable to use one of the top antivirus providers to help further safeguard your site and monitor for potential threats, as well as a VPN to keep your web activity private.
The Top Four Cyberthreats Facing SMBs
1. Ransomware
Ransomware can come in many shapes and sizes, but it all functions with the same basic concept: You must pay a ransom in order to gain access to your data. Oftentimes, attackers follow with a second ransom in order to keep stolen data from being sold online.
If you’ve been following cybersecurity news, then you’ve probably heard of one of the many high-profile ransomware attacks. The Colonial Pipeline attack was the most recent example of this, with a nearly $5 million ransom being paid in order to regain access to files and data. Similarly, the city of Baltimore was hit by ransomware in 2019, forcing the city to stop processing all payments in and out.
Ransomware is typically the final step in the cyberattack process. It is the payload that is deployed after an attacker gains access to the victim’s network. The first step into a network typically involves some sort of phishing, social engineering or web application attack. As soon as they have a foothold in the network, they can start to deploy ransomware to all the endpoints they can reach.
How To Protect Yourself
While there is no one-size-fits-all approach to ransomware prevention, a strong defense against this attack is to prevent that initial breach. Research shows that small businesses received 94% of their detected malware by email. Educating your workforce about these attacks and how to identify them is vital to preventing financial loss and downtime due to ransomware.
Ransomware prevention is a difficult task, and usually involves a combination of several mitigation techniques. Unless the attacker is feeling particularly virtuous that day, not much can be done to prevent a ransomware attack after the network is compromised. However, there are several strategies that can limit the damage of a ransomware attack.
Network segmentation, frequent backups and a strong incident response process can limit the number of systems affected by a ransomware attack. This can be the difference between paying a hefty ransom and simply restoring the few encrypted systems from backups.
Network segmentation is the practice of separating the branches of your organization’s network, typically through the use of firewall rules. For instance, many organizations disallow the printers on their network from initiating traffic with workstations and servers. This prevents an attacker from taking hold of your entire network if a single device is compromised.
Backing up your data and maintaining a strong incident response policy are always good ideas, regardless of the context. When it comes to ransomware mitigation, keeping good backups in a safe location can be the difference between paying a ransom of thousands of dollars and quickly identifying a breach and restoring your data after a brief period of downtime.
2. Misconfigurations and Unpatched Systems
Security misconfigurations arise when security settings are not defined and implemented, or when default values are maintained. Usually, this means the configuration settings do not comply with the industry security standards such as CIS Benchmarks or OWASP Top 10. Misconfigurations are often seen as an easy target, as they can be easy for attackers to detect.
Misconfigurations can be much more than an accidental firewall rule. Some of the most common misconfigurations are unpatched systems, broken access control, sensitive data exposure and vulnerable and outdated components. Attackers can purchase tools from deep web marketplaces to scan for these vulnerabilities, much like a penetration testing contractor could do for your organization.
How To Protect Yourself
Addressing misconfigurations requires a multifaceted approach across your entire security stack. Patch management is a great first step to clean up the “low-hanging fruit” that these automated attacks look for. Many automated tools can scan for outdated applications and missing patches, making remediation more efficient.
Proper cybersecurity training for your technical staff is also a great way to minimize the chance of a misconfiguration sticking around too long. A well-educated technical team will obviously be less likely to make mistakes, but will continue to make better, more experienced decisions about the organization’s security posture.
3. Credential Stuffing
Credential stuffing happens when an attacker uses stolen credentials from one organization to access user accounts at another organization. These credentials are typically obtained in a breach or purchased off of the dark web. You may have seen news stories about Disney Plus accounts getting hacked, yet Disney found no evidence of forced entry. This is because credential stuffing simply involves logging into a victim’s account with their own username and password.
Unfortunately, due to the ease of execution, this type of attack is becoming increasingly common. With the rise of dark web marketplaces in the last decade, cybercriminals are able to simply place an order for a dataset of valid usernames and passwords just like you’d order a new book on Amazon.
Once they obtain a list of usernames and passwords, hackers can recruit an automated network of bots to attempt to log in to services such as Microsoft 365, Google, AWS or anything else. If they find a credential set that works, they’ve successfully gained access to that account with little to no trace.
The success of these attacks relies on personal password reuse by an organization’s employees. A 2019 Google survey found that 65% of people reuse passwords on multiple accounts, if not all of them. This only perpetuates the likelihood of a credential stuffing attack.
How To Protect Yourself
The good news is that this type of attack is preventable if you implement multi-factor authentication and limit password reuse. With multi-factor authentication, the attacker must also have access to the victim’s phone in order to access the account—even if they log in with valid credentials. Likewise, limiting password reuse will nip a credential stuffing attack right in the bud. This introduces more passwords to keep track of, but will eliminate the threat to your vital systems when a popular streaming service suffers a credential breach.
Implementing a security policy that requires the use of a password manager is key to keeping track of all these passwords. Password managers work by storing your passwords in an encrypted vault secured with a “master password”—giving you just one important password to remember. They eliminate the need to remember several strong passwords, which allows you to use a unique strong password for every account.
4. Social Engineering
Social engineering isn’t the breach of a system, but rather the compromise of a person, which causes them to unknowingly release confidential information. This most commonly takes the form of an email phishing attack in which the individual is tricked into downloading malware or giving up their credentials. Typically, social engineering is the first step in a multistep cyberattack.
What’s more concerning is that over 70% of social engineering and phishing incidents are discovered by external parties. This means that when employees are falling for the bait, they usually don’t realize they’ve been hooked. On top of that, attackers are constantly coming up with new ways to evade automated security tools.
How To Protect Yourself
Social engineering comes in many variations, which makes it a challenge to prepare your organization for everything that gets thrown at it. Luckily, the best way to prevent a social engineering attack is with a strong cybersecurity awareness training program. Engaging and educational security content will not only prepare your employees for what they’ll see, but it can shift the culture of your organization to a security-first mindset.
Bottom Line
There is no singular approach to minimizing the human risks that lead to breaches. Employees will need to browse the web, open emails and even answer the phone with a healthy amount of suspicion. An organization with a strong cybersecurity culture is an organization with a small social engineering attack surface.
With 60% of small businesses closing within six months of a cyberattack, improving your security posture isn’t just logical, it’s vital to the survival of the organization. Maintaining up-to-date backups, regularly updating software and adequately training your employees can make the difference between business as usual and closing up shop.
For more information about keeping your organization secure, the U.S. Cybersecurity & Infrastructure Security Agency maintains a collection of resources for SMBs.