What all SMBs need to know about cyberattacks: explore the reasons behind the rise in targeted attacks

The 2012 Data Breach Investigations Report published by the Verizon RISK Team revealed that there were 855 data breach incidents and 174 million compromised records that occurred in 2011. Compared to the 2011 investigation report, there was an increase of 94 data breach incidents and a staggering 170 million records compromised. These alarming statistics show that well-executed cyberattacks resulting in a successful data breach have nearly doubled in the past year. Today, the threat of cyberattacks continues to monopolize news headlines around the world, as cybercriminals increasingly use the web to deploy a massive generation of malware exploits. Cyber ​​attacks have now become a frequent and costly incident with an increasing number of companies becoming victims of at least one data breach in the last year. According to the Ponemon Institute, “The chances of an organization being hacked in a 12-month period is a statistical certainty and businesses of all types and sizes are vulnerable to attack.”

But as large enterprises begin to increase their security net posture in response to the daily onslaught of attacks, small and medium-sized businesses (SMBs) now become weak and easy prey. As more and more SMBs rely on the Internet to reach and communicate with customers, hackers can broaden their target base and take advantage of small businesses that have inadequate and poor security measures. According to the Verizon Risk Report, major cybercriminals have continued to automate and simplify their method of high-volume, low-risk attacks against weaker business targets. The collective susceptibility of businesses to cyberattacks is a significant economic security challenge for every nation in the world. However, a successful data breach can prove more financially devastating for a smaller organization in terms of quick recovery. Baer Insurance Services, a leader in providing protection to small businesses, estimated that “60% of small businesses targeted by a cyberattack went out of business permanently within six months. Many of these businesses delayed necessary improvements to their cybersecurity protocols until it was too late because they feared the costs would be prohibitive.” By almost any measure, SMEs have a major impact on the economic security of a nation as a whole. As a major force driving innovation, SMEs also outpace the largest companies in net job creation, employing nearly half of all private sector workers. Although many small businesses have had considerable financial success operating effective e-commerce to gain a competitive advantage in the global marketplace, cybercriminals are making the Internet much riskier and more dangerous for business owners.

The National Cyber ​​Security Alliance reports that a large percentage of small business owners still operate under a false sense of cybersecurity and 85% still believe they are immune to security breaches. More concerning, 53% of small business owners believe the threat is not worth the high cost in time and money to fully secure their business. Small business owners are not fully aware of the true motives of cybercriminals and their ultimate goal to control smaller websites to spread malware infections, operate scams, obtain corporate intellectual property, and steal sensitive information from customers and online bank accounts. . In addition to the fact that SMBs can become victims of data theft by managing sensitive information that is of interest to hackers, small businesses can also unknowingly help perpetuate cyber fraud through the use of unsecured computers. , which hackers can infiltrate and use to attack other users online. business

Additionally, Advanced Persistent Threats (APTs) deployed by organized criminal groups have been a growing trend in recent years. In a Dark Reading article, it was revealed that “Cisco Security Intelligence Operations has reported a significant increase in the number of unique instances of malware it is finding, an indication of APTs under development or implementation. And while large, well-armed companies such as Google , RSA, Sony and Lockheed Martin have all come under attack, there are signs that APTs may be targeting smaller, less protected organizations to get to their ultimate goals.” Cybercriminals target small business websites because small businesses traditionally rely on antivirus applications or consumer firewalls to protect networks, and often lack the resources and technical knowledge to deploy a security technology. effective network security and threat management protocols. For website owners who have been penetrated by malicious hackers, the cost of malware remediation comes at a painful price, as well as lost business opportunities. Unexpected lawsuits, fines, negative publicity and loss of valuable data can also tarnish business reputation and further disrupt business operation. Nearly 41% of companies surveyed by the Ponemon Institute reported that security breaches have cost at least half a million dollars, when costs such as cash outlays, business interruption, lost revenue, internal labor, and costs are taken into account. general expenses. 59% revealed that information assets were the most serious consequence of a security breach, followed by the interruption of business operations.

Small businesses in general are easy targets for cybercrime and are more plentiful prey. There are 25 million companies to target in the business world compared to the US profit 500 listed in Fortune magazine. In the National Cyber ​​Security Alliance survey, 85% of SMBs believed they were less of a target for cybercrime than large enterprises and 54% believed they were better prepared to protect sensitive customer and business data than large enterprises. bigger companies. However, initial statistics from Visa Inc. paint a different reality, as 95% of the credit card violations Visa has discovered come from its small business customers. The growing number of cyber intrusions targeting small businesses can be attributed to a number of unique factors and challenges. Small businesses are still lagging behind in putting in place comprehensive security safeguards to protect their business and customer database. Small business owners are also failing to take the necessary steps to establish a responsible safety culture among their employees, third-party vendors, and customers. The National Cyber ​​Security Alliance reports that 77% of small organizations do not have a formal Internet security policy and only 40% have a corporate policy that prevents employees from connecting company devices to unsecured wireless networks.

The survey also reveals that only 52% of small business owners have plans to keep their networks, data and computers secure, and only 43% have a plan to respond to the loss of customer data, such as credit cards or debit. personally identifiable information or data. Small organizations also lack the resources and technical skills to stop cyberattacks against networks. With limited budgets and only a few security staff running IT departments, small businesses often have weak security that makes them more susceptible to cyberattacks. Furthermore, malware exploits account for the majority of data breaches as downloads, embedded on unauthorized websites, or distributed by social networking sites. Security Week reported that the frequent use of sophisticated malware is designed to ensure that antivirus products do not detect it and advised all organizations to start dealing with malware at the network level and to analyze all malware-related traffic by performing an inspection. full of all traffic on all ports. Traditional malware detection solutions, such as antivirus applications, firewalls, spyware, and spam programs, are not designed to detect and prevent advanced malware threats.

The Business News Daily, a guide for startups and small businesses, reports that cyberattacks on small businesses are becoming more creative and stealthy. Cyber ​​criminals are always looking for innovative ways to commit fraud and are armed with sophisticated malware exploits and hacking techniques to capture more new victims. It has been estimated that there are now 403 million different versions of malware designed to gain user access control, deliver malicious content, obtain sensitive personally identifiable information (PII), and steal credit card details. Simple security measures can go a long way in detecting some attacks, but to effectively prevent successful security breaches from scaling up and becoming a persistent threat requires a comprehensive network security solution with knowledge of the situation and robust intrusion detection technology. The Verizon RISK team report revealed that 85% of investigated data breach incidents that occurred in 2011 took weeks or longer to discover and 92% of incidents were discovered by third parties, not the compromised company. More alarming, 56% of small businesses surveyed by the Ponemon Institute reported that most breaches were discovered accidentally or through an expensive audit.

Conclusion:

Security risks are increasing in number and complexity, while at the same time successful cyberattacks are significantly impacting an organization’s operations and success. Data breaches have become the latest epidemic on the rise. Like an epidemic, the impact of a data breach can only be reduced through proper planning and a proper response. Understanding security risk factors combined with taking steps to reduce risk is the way small organizations can overcome them. Reversing these security risk factors and trends requires a comprehensive security approach that reduces the risk of cyberattacks, financial loss, and reputational damage. In addition to establishing a responsible security plan for the entire organization, SMBs should invest in a capable network security solution that provides network visibility to mitigate security risks and strong intrusion detection to detect both internal and external security threats. as external.