Hackers are finding it more and more difficult to compromise larger enterprises and are shifting their attention elsewhere. Guess who they’re targeting
Small-to-mid-sized businesses (SMBs) are now in the cross hairs.
As an SMB, you may not be concerned because you don’t think you have much worth stealing. In many cases that may be true but you do have a lot to lose if you do get hacked.
The risk is less about theft and more about the damages that come from a breach. For example, if your company shuts down because the IT assets have been frozen until a ransom is payed, you’re looking at (1) lost productivity (2) lost revenues and (3) reputational damage to the firm.
Recently, three Alabama hospitals in the same health system were forced to close their doors to new patients the night of an attack and are still operating under downtime procedures. Experts are calling this latest wave of “disruptionware” as an emerging category of malware.
According to the New York Times, “More than 40 municipalities were cyberattack victims last year. Tbe cities ranged from major cities like Baltimore, Albany and Laredo, Tex., to smaller towns like Lake City, Fla.
Lake City is one of the few cities that paid a ransom demand — about $460,000 in Bitcoin. They decided that rebuilding their systems was more costly than paying the ransom.”
In another scenario, hackers could use your credentials to access a client’s or vendor’s system. If they succeed, you could be liable for the breach. Your restoration costs could include legal fees, any imposed penalties, notifications to those affected, any required forensic investigations, losses created from reputational harm, as well as possible damages to third parties. The high-profile Target breach was made possible by hacking the credentials of a local HVAC vendor/partner. Their credentials opened up a pathway to Target’s customer information.
Also, social engineering is prevelant. Social engineering is when bad actors pose as someone you know and trust. They ask for you to give them money or they may try to con you out of funds posing as a charitable organization. If you fall for their ruse, there is no theft because you willingly gave them the funds.
WHAT CAN SMALL BUSINESS DO ABOUT IT?
- Keep your software patched. Over a third of successful attacks leveraged unpatched software.
- Train yourself and employees how to recognize social engineering attacks. Individual users/employees are the top carriers of the “virus.”
- Whenever possible, use multi-factor authentication. Even if credentials get stolen, the ability of bad guys to use them is limited because they don’t have access to the second factor. The day 2-factor authentication was implemented at gas pumps across the country, a 94% reduction in gas fraud was noted over night!
- Maintain current IT assets, appropriate cyber tools and layered security.
- Include cyber as part of your overall risk assessment process.