We have heard multiple incidents involving large corporations experiencing massive data breaches in the news but you don’t often do you hear reports about the hacking of small business. Why? Because these attacks aren’t public knowledge. Many small businesses and entrepreneurs don’t realize that their company is just as at risk for cyber-attacks as larger companies. According to a report by Verizon, 61% of data breach victims were small businesses!
Breaches at big corporations like Yahoo, Target etc make the headlines but smaller enterprises are still a target for hackers. A senior security researcher at antivirus software company ESET, Stephen Cobb, said that small businesses fall into hackers’ cybersecurity sweet spot: They have more digital assets to target than an individual consumer has but less secure than a larger enterprise.
Since small enterprises are known to be less careful about their cybersecurity, it makes them an appealing target for hackers. According to Towergate Insurance, small businesses often underestimate their risk level, with 82% of small business owners saying they’re not targets for attacks because they don’t have anything worth stealing. This laid back attitude and lack of interest and investment into cybersecurity measures are why small businesses are easy to attack. Say, for example, there is a major data breach and the owners of this SMB are forced to pay the ransom attack to get the data back. Why? Because such a security breach is devastating to small businesses and it could potentially put them out of business! Lastly, keep in mind that small businesses are often the key to gaining access to larger businesses with which SMBs work.
Types of cyber attacks
Usually, the big goal of a cyber attack is to steal and exploit sensitive and confidential data like credit card information or a person’s credentials which leads to manipulating their identity online. This is not the exact list of potential cyber threats mainly due to the ever-evolving hacker techniques but business should be aware of the most common types.
APT: Advanced persistent threats, or APTs, are long-term targeted attacks in which hackers break into a network in multiple phases to avoid detection. Once a target network is accessed by an attacker, they operate to stay undetected while creating their foothold on the system. If a violation is identified and repaired, the attackers have already provided additional paths into the system to allow them to continue plundering information.
DDoS: An acronym for distributed denial of service, DDoS attacks occur when a server is intentionally overloaded with requests until it shuts down the target’s website or network system.
Inside attack: This is when someone with administrative privileges, generally within the organisation, is deliberately misusing their credentials to obtain access to private data about the business. In particular, former staff pose a danger if they leave the business on bad terms. Your business should have a policy in place to revoke all company data access instantly upon the termination of an employee.
Malware: This umbrella term is short for “malicious software” and covers any program introduced into the target’s computer with the intent to cause damage or gain unauthorized access. Malware types include viruses, worms, trojans, spyware and ransomware and knowing this is essential to choose which kind of cybersecurity software you need.
Password attacks: There are 3 main types of password attacks: a brute-force attack, which involves guessing at passwords until the hacker gets in; a dictionary attack, which uses a program to try different combinations of dictionary words; and keylogging, which tracks a user’s keystrokes, including login IDs and passwords.
Phishing: Perhaps the most frequently used type of cybertheft, phishing includes gathering delicate data such as login credentials and credit card data through a website that looks legitimate (but actually fraudulent), often sent in an email to unsuspecting people. Spear phishing, a sophisticated form of such an assault, needs an in-depth understanding of particular people and social engineering in order to gain their trust and penetrate the network.
Ransomware: Ransomware is a type of malware that infects your machine and demands a ransom. Typically, Ransomware either locks you out of your computer and demands payment in return for access or threatens to post personal data if you do not pay the given amount. Ransomware is one of the fastest-growing kinds of safety breaches.
Zero-day attack: Zero-day attacks are unknown faults and exploits in software and systems found by attackers before the problem becomes known to developers and security executives. For months, even years, these exploits can go undetected until they are found and repaired.
Security solutions to look for
Installing Antivirus software is the most common and will defend against most types of malware. Firewalls, which can be implemented using hardware or software, provide an additional security layer by stopping an unauthorized user from accessing a computer or network.
The first is a data backup solution so any data that is damaged or lost during an infringement can be readily retrieved from an alternative place. The second is encryption software to protect vulnerable data such as staff documents, client/customer information and accounts. The third solution is two-step authentication or password-security software for a business’s internal programs to reduce the likelihood of password cracking.
Learn more about cybersecurity solutions for small businesses here.
Ultimately, having a safety-first mentality is the best thing you can do for your company. Small businesses are not supposed to be excluded because of their size from falling victim to a violation.