Don’t Ignore these Cyber Threats

More than 40 percent of all cyberattacks are directed at small businesses, according to data published by Verizon. Now more than ever, small players can’t afford to have their core operations disrupted. Understanding the kinds of cyber threats out there is the first step to protecting yourself — and your company — against them.

Here are the most common cyber threats:

Ransomware

Ransomware, or software that publishes private data or otherwise harms your business unless a cash reward is given, has quickly become one of the biggest threats to small businesses. According to IBEX, an IT training firm and Verizon’s NDR platform partner, ransomware now accounts for more than a quarter of all malware-related breaches.

Many business owners will be tempted to simply pay a ransom for things to return to normal, but any business that's breached once can be breached again. While antivirus software is necessary to prevent the most sophisticated attacks, simply keeping your operating system up-to-date can go a long way toward preventing low-level ransomware incidents. For a comprehensive solution, ICS recommends our managed Endpoint Detection and Response platform, which controlled via a 24/7 Security Operations Center.

Phishing

Phishing is any attempt to gain sensitive information by posing as another user, and it’s rampant in today’s digital economy. Increasingly common forms of phishing are CEO and vendor impersonations. In all cases, employees are the last line of defense when it comes to protecting against the company against phishing attacks. For persons that manage the company financials, remind them: gift cards are gifts- not payments. If they are in a conversation with a vendor, and then are asked to submit gift cards- that should be a big red flag to terminate communication and follow the company policies on escalating security issues.

Insider Threats

Some of the business world’s most notable hacking scandals, from Sony to Ashley Madison, weren’t caused by sophisticated outside agents; they came from within. As much as you may trust your team, it takes just a single frustrated employee to expose catastrophic amounts of your company’s data. Insider attacks can be difficult to detect because internal personnel are usually trusted by the company, and it can look like they are just doing daily work and have access to cover their attacks. There are a number of technical controls that will help detect and prevent company data from leaving the network, and it is best to develop a prevention strategy now, before unexpectedly having to react to an insider threat.

Email-Based Attacks

91 percent of cybercrimes originate with email- so it’s crucial to keep your email platform completely locked down. Email-based attacks aren’t a specific type so much as they’re a method of attacking.

Multifactor authentication is an absolute must, to protect your own company accounts from being abused, but the need for security doesn’t just stop there. Ensure that all of your employees know not to open attachments from emails outside your organization, and be careful to check for email addresses written similarly to ones within your own company

Final Thoughts

While most small and medium-sized businesses believe they are prepared for a cyberattack, the reality is that few are actually ready to deal with the aftermath of such an incident. A group of executives surveyed revealed the causes for their unpreparedness: lack of budget, lack of time to research solutions, and\or lack of the right technology to deal with cybersecurity incidents.

At ICS, it is our goal to provide your organization with the necessary technical resources so that your business can succeed!