Research into cybersecurity for small-and-medium-sized-businesses repeatedly reveals two things: SMBs are increasingly at risk of cyber attack year over year, and a majority of SMB leaders and employees remain ignorant to the former. The number of SMBs which have experienced network breaches continues to grow, as does the frequency of these attacks and the amount of damage that successful data penetrations or system infections cause. The factors behind these trends remain relatively consistent, including a lack of individual and organizational best practices, budgetary concerns when it comes to personnel and tools, and opportunity for hackers in the form of said lack of best practices and tools.
Concerning the widespread lack of best practices, surveys show that employees (including those on the executive level) consistently remain the biggest gap in an any organization’s network security. C-suite officers provide the most valuable targets to hackers, but anyone with some level of access to data controls offers an opportunity to exploit in a cyber attack. Cybercriminals seeking a better return from compromising an individual’s personal information, but not willing to risk breaching a larger corporation’s network security will begin looking for an entryway into an SMB’s systems through easy victims.
Social networking platforms are ubiquitous in the modern digital world and bestow a wealth of background information for any attacker to discover via a simple search engine. Hackers utilize social engineering as a cost-effective method of gathering enough data on targets of opportunity that can be pursued for a phishing campaign. The details they obtain allow them to craft increasingly sophisticated fraudulent messages; even if an email might contain a few errors in the copy or the sender’s address, committed cybercriminals will ensure they are visually deceptive enough to drop the victim’s guard.
Even if an attacker does not follow through with a phishing attempt, there are plenty of other ways for them to leverage personal data to breach a business’s network security. Hackers may track a travelling executive relying on hotel Wi-Fi, crack weak passwords using social media information, or set up dummy versions of company websites laced with malware. Just knowing that you have data that you consider critical can be all an attacker needs to launch a ransomware campaign that will infect your system and lock down your files.
Cybercriminals seeking monetary gain do not present the only problem either, as “hacktivists,” state-sponsored and cyberwarfare nation-state hackers are targeting SMBs in certain sectors as well. Such groups based in Russia, China and North Korea are focusing on disrupting the manufacturing, energy and other industries to drive political outcomes and any business of any size is a legitimate target. Some of these nation-backed attackers seek both political and monetary gain simultaneously and poach data from America businesses for foreign governments or companies to increase their competitiveness in the world economy.
SMB occupy a precarious place in the web of modern cybersecurity – too small for the expensive cybersecurity solutions of corporate giants like IBM, but too big for hackers to ignore. The research cited at the beginning of this article – and many other studies – indicate that the most common practice for a majority of SMBs is to simply rely on their smaller size as a deterrent against being targeted. The data above clearly demonstrates this is an ineffective strategy.
This is an especially dangerous for businesses on or approaching the “medium” side of SMB, where both new technology and growth bring additional touchpoints and network gaps that hackers can exploit. Any SMB doing business in the 21st century must no longer treat implementing a comprehensive cybersecurity plan as a luxury – a defended network is now a requirement to exist.
To learn more about today’s best practices for your network and data management view our free webinar, Watch Now.