Cybersecurity Trends for SMBs

During our recent panel on cybersecurity, Anthony Butler, author of Cracking the IT Code, described the state of the security market like a very difficult puzzle with the nature of threats continually changing.

 

 

What exactly is changing?

The sophistication of attacks has gone from hacks carried out by college kids, to organized crime spending millions to develop debilitating attacks. The increased frequency of attacks is even more alarming. We no longer see cyberattacks from a handful of isolated groups, but instead from hundreds of organizations. With the increased frequency and intensity of attacks, we have reviewed some recent cybersecurity trends to help you understand how they are impacting small and medium businesses. 

Ransomware

The next generation of ransomware and malware produced today are more effective and harder to detect, exposing us to even greater risk, according to Nick Belov, CISO at CGS. 

The cyberattackers building these malicious programs are changing their tactics as well. Attackers today will sometimes masquerade as security consultants who can “recover” encryption keys for companies that have been the victim of an attack. The hackers claim they can recover their data, for a fee. Attackers have found it easier to convince companies to pay IT consultants a steep fee, as opposed to paying a ransom to cyberattackers. 

Another new strategy is creating ransomware that is smart enough to hunt down and destroy backups or backup catalogs in addition to the original data. This has companies looking to air gapped backups as one popular way to reduce risk. 

The good news is ransomware attackers are also working against the clock. Flaws in malware implementation may weaken attacks so that companies can quickly recover their lost or damaged data. In some cases, if the affected company can afford to wait, simply holding out for a few weeks or a month may allow them to use a public solution to a widespread malware attack. This is, of course, a business decision, not a technology or information security decision, that each company has to make case by case. 

More Sophisticated Attacks

The increased sophistication of attacks has been problematic for some time, however, we have seen a few recent dramatic jumps.

The recent dump of NSA tools has been hugely impactful. One of the most well-known attacks as a result of the dump is the zero day hackers developed known as the WannaCry ransomware. Zero days are attacks on previously unknown software vulnerabilities for which a developer has not released a patch or fix. As we saw in the case of WannaCry, companies are not well prepared to manage zero days, and neither is the IT industry. This is incredibly surprising as these attacks can be very damaging and are increasing in intensity and frequency.

There has also been an increase of carefully constructed social engineering email phishing attacks such as CEO wire scams, W2 scams or phishing for credentials for services like Office 365 and Outlook Web Access. 

In the past, these kinds of attacks were easily identified by poor English and a liberal dose of grammatical and linguistic mistakes. Cyberattackers today have tools that can accurately mimic the language and communication style of the supposed sender, be it the CEO or controller. The emails are almost perfect, down to the smallest details, so that the receiver might actually believe she wrote the email.  

 

How do you defend your company and ensure a fast recovery when an attack hits? 

 

One recent positive change in the marketplace is the availability of cyber insurance for SMBs. With more companies buying cyber insurance, providers have been able to deliver better coverage at more affordable prices for smaller businesses. One common hurdle for SMBs with insurance has been the perceived complexity of qualification process. There are sometimes extensive inquiry forms and technical interviews a company must complete to prove that they’ve taken the proper, reasonable steps to protect their assets. This requires businesses to have a solid plan in place before applying for insurance. With a lack of awareness of how quickly SMBs have become prime targets, combined with the limited internal security expertise in many companies, many businesses skip these steps. Doing so, however, can be extremely costly, as it puts the survival of the company at great risk. According to Small Business Trends, 60 percent of small companies go out of business within six months of a cyberattack. Insurance is there to help businesses recover faster in the event of an attack, however preventing the breach in the first place, is still top priority. 

 

One easy step is to build adequate, frequently tested backups. Regardless of the format and how well it works, in an attack everything will reflect back on your preparation. It's one thing to replace a day's worth of work because it was caught it in a few hours, versus having to go back three months. In particular, if you have backups and they are not detached, malware and ransomware have become smart enough to reach these files and destroy them in an attack as well. Data governance and understanding where your data lives is a key part of your recovery prepartion. 

 

It is also critical that we challenge our implementations and configurations. We need to make use of tabletops with red teams, penetration tests, and similar tools to avoid unintentional mistakes and to fine tune our defensive processes. Independent audits are available to help you discover where the risks lie and to ensure your bases are covered.

 

 

 

Building a program that makes sense for your business can protect your assets in a comprehensive way without over extending your team. There are no cookie-cutter solutions, so it can be a difficult challenge to undertake. To reach your security goals, the first steps are to choose the right partners with the right expertise and invest in cyber insurance.

 

Identify the most critical items, and then start with implementing a few countermeasures. IT professionals can help define your potential attack surface, and will know what to address first in an incident. With the right preparation, you will be able to reduce the risk of cyberattacks to a tolerable level with lower levels of exposure. This is really a puzzle that will be worth your time and effort to figure out and put together.

 

For more tips and tricks check out 4 Tips to Secure Your Business Against Cyber-attacks