SMBs Are the “Target of Choice” for Hackers

Five Reasons Hackers are Targeting SMBs

by Steve Nice – 06/15/2017 – “Five Reasons Hackers are Targeting SMBs”

Larger organizations dominate the headlines when it comes to cybercrime, but it is the small and medium-sized business (SMBs) that are becoming the primary targets and are bearing the brunt of most attacks. Smaller businesses are being hit with seven million cyber-attacks a year, which is costing the UK economy an astonishing £5.3 billion annually.

Just this month a new report from the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA) says that the last year “has been punctuated by cyber-attacks on a scale and boldness not seen before.” So, why are hackers targeting SMBs and what can they do to protect themselves from this growing spectre of cybercrime?

SMBs are low-hanging fruit – make yourself less easy to target with UTM
Smaller enterprises are generally quite complacent about security. Due to the size of their operations, they tend to assume they are safe from malicious attacks when in reality, it’s quite the opposite. Smaller businesses are more at risk of successful cyber-attacks than larger ones as they often lack the budget and expertise to implement effective cybersecurity strategies. A recent report by Barclaycard revealed that only 20% of organizations believe cybersecurity to be a top business priority, suggesting why they are a prime target for hackers.

These SMBs need to ensure that they remain one step ahead of cybercriminals, and should seek advice from cybersecurity professionals and invest in protection policies. Investing in and adopting Unified Threat Management (UTM) solutions will offer them better protection against the growing number of threat vectors.

SMBs can be the ‘gateway’ to larger organizations

Larger companies are often harder to penetrate as they have sophisticated security defenses in place. As many SMBs are connected electronically to the IT systems of larger partner organizations, it provides an inroad to the ‘big names’ and their valuable data. Hackers clearly go small to win big but if found to be the flaw in a large organization’s security defense, small businesses could suffer catastrophic reputational and financial damage.

SMBs are vulnerable to ransom requests – shore up your defenses and train your staff
SMBs are in a vulnerable position when it comes to cyber-attacks, in the sense that a ransomware request could put them out of business overnight. With their business at stake, victims of ransomware often feel they have no option but to acquiesce to such requests.

Arguably SMBs have no-one else to blame but themselves: by not keeping their employees abreast of security concerns and issues, they are leaving themselves vulnerable to ransomware and phishing. Node4 research reveals that the biggest internal threat to a business is the human element, through errors made by employees. Companies need to educate their staff on the evolving threat landscape and the potential threats of opening unsolicited email attachments, for example.

SMBs are vulnerable to the rise in CEO fraud – use alternate systems to dual-authorize

Businesses are also falling victim to the latest in a new generation of cyber-attacks, CEO fraud, with almost 40% of targets being SMBs according to Symantec research. CEO fraud involves hackers designing and sending a fraudulent email to an employee, posing to be the CEO of the company.

They use a domain name that appears similar to the target’s to scam the employee, with the email typically requesting sensitive company information or money transfers, which, of course, ends up in the hacker’s bank account.

By introducing dual authorization procedures, SMBs can detect CEO fraud quickly and easily, and can protect their organization from such attacks. Most SMBs have internal messaging tools, such as Slack or Skype for Business, that are more difficult to compromise. Companies should use such platforms to verify the authenticity of a payment request. Having a second pair of eyes overlooking the request can make all difference and could potentially save your business huge amounts of money.

 

Steve Nice

Chief Security Technologist, Node4
Follow @Node4Ltd

Buffer
Posted in Cyberattack, Cybersecurity, Governance, Risk Management
Tags: , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Visit Us On TwitterVisit Us On FacebookVisit Us On LinkedinVisit Us On Google Plus

Keep Current with What’s New in Cybersecurity

Email Address:

Name:


Cybersecurity News Daily

Provides a daily summary of what's news in Cybersecurity

Archives

Recent Tweets

Categories

Follow

Get every new post delivered to your Inbox

Join other followers: