Your Business Getting Hacked Is More Likely Than You Think

As small businesses deal with the new remote workforce reality, securing their networks is more important than ever. Cybercrime is predicted to cost $10.5 trillion annually by 2025 — and it’s not a problem exclusively for huge multinational corporations. In fact, 58 percent of cybercrime victims are small- and medium-sized businesses (SMBs).

Small businesses are a target for cybercriminals because SMBs have fewer resources while also possessing data that can be ransomed. For these reasons, efforts to compromise SMBs have increased dramatically.

The threats

Any vendor or partner could be used as a jumping-off point to compromise SMBs — a cleaning service, building security, or a commonly used supplier. Once attackers compromise a third-party organization, they can use that access to send phishing emails, malicious files, and other such information to the victim under a mask of legitimacy, making it more likely the victim organization will interact with the attack as it appears to be from a trusted vendor. This is especially effective because compromising a vendor often offers a high volume of additional hacking prospects.

Ransomware is an increasingly popular business threat as well. Malwarebytes Labs research data from the latest State of Malware report showed that new ransomware activity continues to gain momentum against businesses. Ryuk and Sodinokibi ransomware have increased by as much as 543 and 820 percent respectively year over year from 2018 to 2019.

The work from home (WFH) trend also affords cybercriminals new opportunities. Remote employees often have access to vital systems like corporate virtual private networks (VPNs), cloud-based services, business email, and shared drives. In light of the COVID-19 pandemic, the second half of 2020 saw commercial cybercriminals increasingly shifting their focus from consumers to business targets.

“According to our recent Enduring From Home report, since the start of the pandemic, 20 percent of respondents faced a security breach as a result of a remote worker,” said Akshay Bhargava, chief product officer at Malwarebytes. “In addition, 24 percent of respondents paid unexpected expenses to address a cybersecurity breach or malware attack following shelter-in-place orders.”

Criminals are also experts at developing malware that exploits vulnerabilities found in popular software. However, it’s the older vulnerabilities that are most commonly targeted by the bad guys. These often have a software patch that fixes the vulnerability, but many organizations fail to install it in a timely fashion.

“If cybercriminals know one universal truth, it’s that organizations aren’t great about updating their software, and user error is rampant,” Bhargava explained. “For many small businesses, rolling out a dedicated security team would be too costly, so this is where proper security tools and internal security training become critical.”

The solutions

Businesses must have a recovery plan for ransomware or other cyberattacks, a layered defense, and employee training. When so many attacks begin with a simple email attachment, it’s frustrating to think how many major incidents could’ve been avoided by showing employees how to recognize phishing attempts or other malicious emails.

When it comes to endpoint cybersecurity, there are a few key things to look for. “You want something that’s easy to install and offers automated detection and repair,” Bhargava advises. “It’s also critical to ensure your tools integrate and work seamlessly together. Small businesses in particular require solutions that remove obstacles from IT teams and do the heavy lifting. Malwarebytes ensures automated isolation to contain threats and offers 72-hour ransomware rollback, which can be a critical lifeline for businesses under attack.”

You can’t predict every threat model, but you can better thwart phishing attacks by putting in place a clear cybersecurity crisis plan. There’s never been a better time to start beefing up your cybersecurity policies.

To learn more about how to protect your business and workforce from an attack, visit malwarebytes.com/.
