Almost every week we hear about one of the large giant corporations that have suffered from a cyberattack. These are the companies that have invested large dollar volume in security and IT staff and a lot of time and effort in trying to keep themselves protected. The main question that always occurs is: “If it can happen to them, what about the small or medium business that doesn’t have their budget?” Cybercriminals are becoming increasingly aware of the fact that proprietary information may be easier to access in the small to medium-sized business arena. If this fits your company profile, it’s time that you sit up, pay attention and take action.
From malware to viruses, criminals are becoming much more sophisticated in the methods for their madness. While the government is on a continual hunt in the ‘dark net’ to find and prosecute those involved in cybercrime, the culprits are working around the globe and locating them takes time. Their ability to anonymous and elusive while targeting companies to access critical data has been the mainstay of the cybercrime world. Any business that does not have a security strategy in place, combined with staff education on recognizing and emergency actions for a breach, is literally a ‘sitting duck’ for an attack.
The Symantec 2015 ISTR20 Internet Security Threat Report stated, “Almost no company, whether large or small, is immune. Five out of every six large companies (2,500+ employees) were targeted with spear-phishing attacks in 2014, a 40 percent increase over the previous year. Small- and medium-sized businesses also saw an uptick, with attacks increasing 26 percent and 30 percent, respectively.”
There is also an evolution in cybercrime. The number of email attacks seems to be reducing, but attacks on an unprotected or barely protected company system are fair game for these criminals. Their ability to send more sophisticated inquiries to test and try out the security levels are also combined as multiple attacks on the mobile and website fronts. Any access point that they can locate is an entrance for a virus, malware of full-on system takeover.
In the same Symantec report, they included: Attackers Are Streamlining and Upgrading Their Techniques, While Companies Struggle to Fight Old Tactics
In 2014, attackers continued to breach networks with highly targeted spear-phishing attacks, which increased eight percent overall. They notably used less effort than the previous year, deploying 14 percent less email towards 20 percent fewer targets. Attackers also perfected watering hole attacks, making each attack more selective by infecting legitimate websites, monitoring site visitors and targeting only the companies they wanted to attack.
Further complicating companies’ ability to defend themselves was the appearance of “Trojanized” software updates. Attackers identified common software programs used by target organizations, hid their malware inside software updates for those programs, and then waited patiently for their targets to download and install that software—in effect, leading companies to infect themselves. Last year, 60 percent of all targeted attacks struck small- and medium-sized organizations. These organizations often have fewer resources to invest in security, and many are still not adopting basic best practices like blocking executable files and screensaver email attachments. This puts not only the businesses but also their business partners, at higher risk.
The picture that is painted isn’t all doom and gloom. There are strategies that can be put in place to assist in protecting your proprietary company information as well as that of your customers. Many small to medium-sized businesses find themselves in the position where they have either not sufficiently prepared for an attack, have allowed software updates to lapse, or lack the trained staff or personnel to take emergency action. In these situations, a cyberattack could occur and not be discovered for many months.
Protection of your business reputation and data is the key element. Coordinating efforts with a professional company that can work with your company for an overall strategy is the best method to combat against a breach. Educating staff as well as having a set of emergency actions in place can help to maintain your system integrity.