Most of us are content to view the nightly news as something that happens to “other people,” but the recent WannaCry ransomware attack proves that none of us is safe from cybercrime. Nowadays, it’s not the “big” attacks on large companies like Target or Anthem or Sony Pictures that are the biggest threats. Sure, these things may affect important personal information, but by far the most serious fallout from such an attack can put you or a loved one in a life-or-death situation. That’s what happened when WannaCry infiltrated the National Health Service in the United Kingdom. With thousands of NHS computers locked out, medical staff struggled to attend to patients. Important medical information was unavailable, equipment rendered inoperable, and scheduled surgeries canceled.
WannaCry is a new breed of malware in the ever-changing world of cybercrime. Businesses will have to become more vigilant against such attacks and remain agile when faced with the latest version of a global attack. Small to midsize businesses, especially, will find themselves vulnerable.
In fact, 2016 saw a rise in target attacks on small and midsize businesses, with nearly 75% of small businesses reporting security breaches. This is a marked increase from 2014, in which 60% of all targeted attacks struck small- and medium-sized organizations. What’s more, upwards of 60% of those businesses close their doors within six months after an attack. When you consider those facts, it becomes clear that small business needs to pay attention to online security, and now.
A Matter of “When”
Many small businesses believe that because of their size, hackers aren’t interested in them, preferring instead to target big businesses with lots of customer and banking information. In the not-too-distant past this might have been true, but hacking methods today are quite different; automated attacks can scour the Internet for unsecured computers with minimal effort on the behalf of the cybercriminals behind the attacks. Once compromised, a computer can be mined for its sensitive information, infected with malware that will spread, and even be put into service as part of a botnet – a remotely-controlled network of computers used to infect other machines.
Most businesses recognize that they need to do something to protect themselves and the sensitive information their computers hold. Traditionally, this has taken the form of erecting defense mechanisms designed to keep the bad guys out. Firewalls, spam blockers, and antivirus software do provide layers of protection against intrusion, but they do little to protect data once an attacker inevitably breaks through those defenses. Make no mistake – the volume and variety of threats out there change the risk of being hacked from “if” to “when.”
What Cyber Attacks Look Like Today
Cyber attacks are very different events today than they were just a few short years ago. In its April 2017 Internet Security Threat Report, Symantec reports that it observed a shift in the types of threats taking place in 2016, including:
- Targeted attacks against organizations and countries designed to influence politics
- Exploitation of weaknesses in security to steal credentials in order to make fraudulent financial transactions
- Email spoofing attacks (aka spear-phishing) designed to trick recipients into providing sensitive information
- Taking advantage of default features in software to trigger remote access and malware downloads
- Using social engineering techniques to defeat security measures designed to protect software from macro viruses
- Renewed popularity of email as a malware delivery vehicle
- Increased ransomware attacks triggered via email
- Leveraging the Internet of Things (IoT) as a botnet to create Denial of Service (DoS) attacks
- Malware developers creating ransomware kits, known as Ransomware-as-a-Service (RaaS), which allow ransomware to be easily created and variants to be customized
- Ransomware attacks on mobile platforms such as Android
In 2016, cyber criminals largely stepped out of the shadows and began hiding in plain sight. Operating system features, off-the-shelf tools, and cloud services all became potential vulnerabilities for individuals and businesses alike.
Lest you forget that there are many ways a hacker can gain access to your business, take a look at the typical points of attack exploited by cybercriminals:
- Networks – hubs, switches, and routers that move information from place to place
- Web – Criminals are taking advantage of the technology and infrastructure that legitimate ad networks have created to distribute malicious attacks and scams.
- Social Media & Messaging Platforms – Watering Hole, Spear-phishing
- Servers and Workstations (to include email) – Ransomware, Phishing, Virus, Denial of Service
Cyber Security Best Practices We Need to Be Doing Instead
While no security system is 100% ironclad, there are industry standards and best practices that can significantly reduce the havoc wrought by a hacker that gets around your first layer of defense.
- Employ in-depth defensive strategies – multiple, overlapping, and mutually supportive systems to protect against single-point failures
- Patch known vulnerabilities as soon as possible
- Use encryption to secure sensitive data, both at rest and in transit
- Encrypt customer data
- Require long, strong passwords for all network credentials
- Delete unused credentials and profiles
- Limit the number of administrative-level profiles
- Educate users on common spear-phishing techniques
- Trigger security software updates as they become available
- Trigger operating system and software updates as they become available
- Instruct all users not to enable macros in order to view an email attachment
- Delete any emails that request enabling macros to view an attachment
- Employ a strong image-based backup system
- Regularly test backup and recovery plans
- Research the security features of any IoT device before purchase
- Audit any IoT devices found on your network for vulnerabilities
- Change default credentials on any IoT device put into service on your network
- Employ strong encryption methods in setting up WiFi network access for IoT devices
- Change default privacy and security settings on IoT devices, including disabling features and services that are not required as well as Telnet logins
- Use SSH protocol where possible
- Disable remote access to IoT devices when not in use
- Use wired connections for IoT devices whenever possible
- Apply firmware updates on IoT devices as they become available
- Have a plan in place in the event a hardware failure renders an IoT device insecure
- Secure hardware/software configurations on servers, workstations, network & Wi-Fi equipment
- Continuously assess and remediate vulnerabilities
The unfortunate fact of today’s increasingly connected world is that anyone’s information can be compromised at any time, despite security precautions that may be in place. It might seem counter-intuitive for cybercriminals to target small business when there are vast stores of information at larger companies. However, a small business often provides a tidbit of information that can be used in a large-scale attack. Additionally, small businesses often have limited resources available in the fight against cybercrime, making them easier targets.
Help With Small and Midsize Business IT Security
If you’re a small- to medium-sized business, the information above might seem overwhelming, particularly if you don’t have an in-house IT department. Don’t let that stop you from seeking IT security for your business. Businesses like Lieberman Technologies exist to assist small and midsize businesses with their IT needs, including developing a security plan that helps protect your network and your data. If you’re not sure your network is as secure as it can be, conducting an assessment of your current environment is a good place to start.
Editor’s note: This post has been updated to provide additional information about current cyber security threats.