While many of us may have taken a well-deserved break over the holidays, cybercriminals were hard at work looking for new ways to target and exploit our networks, devices and services. When it comes to the types of organisations cybercriminals are targeting, no one is immune.
Though many small and medium-sized enterprises may think that they can skirt the issue of cybersecurity, nothing could be further from the truth. In fact, according to the 2019 SMB Cyberthreat Study, 66% of business leaders say their businesses are too small to be targeted by cybercriminals. Yet the same study found that 67% of businesses had suffered a security attack in the prior 12 months.
Why are SMBs such a target? Many smaller organisations operate with small budgets and limited IT resources, resulting in less-than-stellar cybersecurity practices. Yet, small businesses arguably have the most to lose from suffering a damaging cyber attack, especially with regulations like GDPR carrying hefty fines for those that don’t comply. Even so, only 9% of SMBs rank cybersecurity as a top business priority.
The question you’re probably asking yourself right now is, what can be done? Below, we look at some of the top threats you face as a business, but also present what you can do to protect your network and data.
Phishing is a primary cybersecurity risk and concern for today’s SMBs. A phishing attack is where a hacker attempts to obtain financial or other valuable or confidential information by sending fraudulent emails or notices to people in your firm. Phishing accounts for 90% of all breaches that organisations face. However, many organisations have responded to the growth in phishing attacks by focusing on training users to identify phishing emails and not click on potentially nefarious attachments. As a result, cybercriminals have begun to expand their tactics by simply targeting other areas of the attack surface that aren’t being focused on.
The first step in protecting your firm is to install the right email security solution, such as Proofpoint or FortiMail. The second step is to secure publicly available edge services to prevent cybercriminals from delivering their malware to targets inside the network.
Spoofing is another threat facing your SMB. Email spoofing is an attempt to deliver an attack and trick your staff into performing dangerous actions, like unknowingly downloading malware. As with phishing, spoofing attempts are often disguised as legitimate-looking emails from trusted sources. Today, spoofing attacks can be quite refined; often they include official-looking language, graphics, or websites. Not surprisingly, this can make it quite challenging to minimise the risks of a spoofing attack among your employees.
To protect against spoofing and other risks, your company should immediately assess its IT infrastructure and the protections it has in place. You can add Sender Policy Framework (SPF) policies to your existing DNS information, which will increase the chances that any spoofed email will be detected. However, adding an SPF record doesn’t make you 100% protected. To better understand how your infrastructure would stand up to a spoofing attack, book an IT Security Healthcheck with our team of highly trained security engineers.
Malware, Ransomware & More
In addition to phishing and spoofing attempts, there is also malicious software designed to perform damaging operations on your IT infrastructure. According to the latest Fortinet Threat Landscape Report, malware-as-a-service (MaaS) and ransomware-as-a-service (RaaS) continue to grow, and at least two new significant ransomware families are now available on the dark web as RaaS offerings.
What You Can Do
The single biggest step you can take towards a more secure organisation is adopting a holistic approach to securing your distributed networked environment with Unified Threat Management. This will simplify security and infrastructure, whilst protecting your business.
It’s also crucial to ensure you patch, upgrade, replace and protect. Make sure your network and devices are up-to-date and fully secured. If you need some help, our Services team is available to help you ensure your organisation is properly prepared for the threat landscape in the year ahead.
Get in touch with us to schedule an IT Security HealthCheck or chat about how we can help you better secure your network in the new year.