The Most Current Cyber Threats Faced by SMBs and the Latest Security Tips for Employees

img blog the most current cyber threats faced by smbs and the latest security tips for employees
logo adaptive

In an era defined by the rapid evolution of technology and the seamless integration of digital processes into everyday business operations, the landscape for small and medium businesses (SMBs) has expanded exponentially. As these enterprises harness the power of interconnected networks, cloud computing, and online platforms to unlock growth and innovation, they also find themselves navigating a digital frontier fraught with unprecedented challenges.

While the digital age has ushered in remarkable opportunities, it has equally introduced a new breed of adversaries: cybercriminals who exploit vulnerabilities in technology infrastructure to steal sensitive information, disrupt operations, and undermine the very foundations upon which businesses stand. In this realm of constant connectivity, the threat landscape has morphed into a complex ecosystem of cyber threats that can target businesses of any size, with SMBs increasingly finding themselves in the crosshairs of threats that can impact their operations, finances, and reputations.

By staying informed, vigilant, and resilient, SMBs can safeguard their digital assets, preserve their hard-earned reputation, and chart a course toward a secure and prosperous future in an increasingly interconnected business landscape.

Let’s dive into the most current threats to SMBs, according to an article by Embroker.

In excerpts, they wrote, “Unprecedented events like COVID-19 pandemic contested elections, and spiking sociopolitical unrest have led to an explosion in the number and severity of cybercrimes over the course of just a few years. We’re likely to see security threats become more sophisticated and, therefore, more expensive over time.

Top 10 Cybersecurity Threats

1. Social Engineering

Social engineering remains one of the most dangerous hacking techniques employed by cybercriminals, largely because it relies on human error rather than technical vulnerabilities. This makes these attacks all the more dangerous—it’s a lot easier to trick a human than it is to breach a security system. And it’s clear that hackers know this: according to Verizon’s Data Breach Investigations report, 85% of all data breaches involve human interaction.

New in 2023

In 2023, social engineering tactics will be a key method for obtaining employee data and credentials. Over 75% of targeted cyberattacks start with an email. Phishing is one of the top causes of data breaches, followed by the use of stolen credentials and ransomware. Phishing and email impersonation continue to evolve to incorporate new trends, technologies, and tactics.

2. Third-Party Exposure

Cybercriminals can get around security systems by hacking less-protected networks belonging to third parties that have privileged access to the hacker’s primary target.

One major example of a third-party breach occurred at the beginning of 2021 when hackers leaked personal data from over 214 million Facebook, Instagram, and LinkedIn accounts. The hackers were able to access the data by breaching a third-party contractor called Socialarks that was employed by all three companies and had privileged access to their networks.

New in 2023

In 2023, third-party breaches have become an even more pressing threat as companies increasingly turn to independent contractors to complete work once handled by full-time employees. Network access will continue to be a focus for criminal organizations. A remote or dispersed workforce will continue to present security challenges for organizations large and small.

53% of adults agree that remote work has made it much easier for hackers and cybercriminals to take advantage of people. A cybersecurity firm CyberArk reports that 96% of organizations grant these external parties access to critical systems, providing a potentially unprotected access route to their data for hackers to exploit.

3. Configuration Mistakes

Even professional security systems more than likely contain at least one error in how the software is installed and set up. In a series of 268 trials conducted by cybersecurity software company Rapid7, 80% of external penetration tests encountered an exploitable misconfiguration. In tests where the attacker had internal system access (i.e., trials mimicking access via a third party or infiltration of a physical office), the amount of exploitable configuration errors rose to 96%.

New in 2023

In 2023, the socio-political upheavals, and ongoing financial stress are likely to increase the number of careless mistakes that employees make at work, creating more exploitable opportunities for cybercriminals.

According to a Lyra Health report, 81% of workers have experienced mental health issues as a result of the pandemic, and 65% of workers say their mental health has directly impacted their work performance.

4. Poor Cyber Hygiene

“Cyber hygiene” refers to regular habits and practices regarding technology use, like avoiding unprotected WiFi networks and implementing safeguards like a VPN or multi-factor authentication.

Nearly 60% of organizations rely on human memory to manage passwords, and 42% of organizations manage passwords using sticky notes. More than half (54%) of IT professionals do not require the use of two-factor authentication for access to company accounts, and just 37% of individuals use two-factor authentication for personal accounts.

New in 2023

Thanks to an uptick in remote working, systems protected by weak passwords are now being accessed from unprotected home networks, sticky note passwords are making their way into public coffee shops, and workers are logging in on personal devices that have a much higher chance of being lost or stolen. Companies and individuals that don’t improve their cyber practices are at much greater risk now than before.

5. Cloud Vulnerabilities

One might think the cloud would become more secure over time, but in fact, the opposite is true: IBM reports that cloud vulnerabilities have increased 150% in the last five years. Verizon’s DBIR found that over 90% of the 29,000 breaches analyzed in the report were caused by web app breaches.

According to Gartner, cloud security is currently the fastest-growing cybersecurity market segment, with a 41% increase from $595 million in 2020 to $841 million in 2021.

New in 2023

New developments in cloud security include the adoption of “Zero Trust” cloud security architecture. Zero Trust systems are designed to function as though the network has already been compromised, implementing required verifications at every step and with every sign-in instead of granting sustained access to recognized devices or devices within the network perimeter.

6. Mobile Device Vulnerabilities

Not only do remote users rely more heavily on mobile devices, but pandemic experts also encouraged large-scale adoption of mobile wallets and touchless payment technology in order to limit germ transmission. A larger population of users presents a larger target for cybercriminals.

New in 2023

Mobile device vulnerabilities have been exacerbated by the increase in remote work, which led to an uptick in companies implementing bring-your-own-device policies. According to Check Point Software’s Mobile Security Report, over the course of 2021, 46% of companies experienced a security incident involving a malicious mobile application downloaded by an employee.

Cybercriminals have also begun to target Mobile Device Management systems which, ironically, are designed to allow companies to manage company devices in a way that keeps corporate data secure. Since MDMs are connected to the entire network of mobile devices, hackers can use them to attack every employee at the company simultaneously.

7. Internet of Things

The pandemic-induced shift away from the office led over a quarter of the American workforce to bring their work into the home, where 70% of households have at least one smart device. Unsurprisingly, attacks on smart or “Internet of Things (IoT)” devices spiked as a result.

Combined with the average American’s less-than-stellar cyber hygiene habits, IoT connectivity opens a world of vulnerabilities for hackers. The average smart device is attacked within five minutes of connecting to the internet, and experts estimate that a smart home with a wide range of IoT devices may be targeted by as many as 12,000 hacking attempts in a single week.

New in 2023

Researchers predict that the number of smart devices ordered will double between 2021 and 2025, creating an even wider network of access points that can be used to breach personal and corporate systems. The number of cellular IoT connections is expected to reach 3.5 billion in 2023, and experts predict that over a quarter of all cyberattacks against businesses will be IoT-based by 2025.

8. Ransomware

While ransomware attacks are by no means a new threat, they’ve become significantly more expensive in recent years: between 2018 and 2020, the average ransom fee skyrocketed from $5,000 to $200,000. Ransomware attacks also cost companies in the form of income lost while hackers hold system access for ransom. (The average length of system downtime after a ransomware attack is 21 days.)

New in 2023

Ransomware attacks will persist and evolve as criminal organizations look to evade the OFAC block list and apply pressure tactics for payment. In fact, cybercriminals can now subscribe to “Ransomware-as-a-Service” providers, which allow users to deploy pre-developed ransomware tools to execute attacks in exchange for a percentage of all successful ransom payments.

Similar to legitimate software companies, cybercriminal groups are continually developing their tool kit for themselves and their customers – for example, to make the process of data exfiltration quicker and easier. Another trick that threat actors sometimes pull off is rebranding their ransomware, changing bits and pieces in the process.

According to Microsoft, 96.88 percent of all ransomware infections take under four hours to successfully infiltrate their target. The fastest malicious software can take over a company’s system in under 45 minutes.

5 Key Ransomware Statistics:

  • Ransomware cost the world $20 billion in 2021. That number is expected to rise to $265 billion by 2031.
  • In 2021, 37 percent of all businesses and organizations were hit by ransomware.
  • Recovering from a ransomware attack cost businesses $1.85 million on average in 2021.
  • Out of all ransomware victims, 32 percent pay the ransom, but they only get 65 percent of their data back.
  • Only 57 percent of businesses are successful in recovering their data using a backup.

9. Poor Data Management

Data management is about more than just keeping your storage and organization systems tidy. To put things in perspective, the amount of data created by consumers doubles every four years, but more than half of that new data is never used or analyzed. Piles of surplus data lead to confusion, which leaves data vulnerable to cyber-attacks.

New in 2023

Due in part to the exponential explosion of data that’s taken place over the past decade, experts predict that 2023 will bring an increased shift away from “big data” toward “right data,” or an emphasis on storing only data that is needed.

To sort the right data from unnecessary data, teams will increasingly rely on automation, which comes with its own set of risks.

Automated programs are like spiderwebs—a small event on one side of the web can be felt throughout the entire structure. While the data processing itself relies on artificial intelligence, the rules and settings the AI is instructed to follow are still created by humans and are susceptible to human error.

10. Inadequate Post-Attack Procedures

Holes in security must be patched immediately following a cybersecurity attack. 60% of cyber attacks could have been prevented if an available patch had been applied, and 39% of organizations say they were aware they were vulnerable before the cyber attack occurred.

New in 2023

One increasingly popular solution is the adoption of the subscription model for patch management software. “Patching-as-a-Service” products provide continuous updates and patches, increasing patch speed and efficiency. Automated patching also reduces the likelihood of patch vulnerabilities created due to human error.

Staying on Top of It All

Staying aware of and protecting against new cybersecurity threats as they appear can be overwhelming. With millions of hackers working around the clock to develop new attack strategies more quickly than companies can update their defenses, even the most well-fortified cybersecurity system can’t provide guaranteed protection against attacks.”

Cybersecurity Tips for Employees

In excerpts from an exhaustive article by Acora, they wrote, “Cyber security threats are constantly evolving, so it is important to stay up-to-date on the latest threats and to take steps to inform all your employees.

Take a look at the following cybersecurity tips to learn your “something new” for today 😃

#1 TREAT BUSINESS INFORMATION AS PERSONAL INFORMATION

Business information typically includes a mix of personal and proprietary data.

Be exceptionally careful about what you are sharing, and be cautious of how you are sharing it.

#2 CONNECT ONLY WITH PEOPLE YOU TRUST TO PREVENT SECURITY RISKS

Cybercriminals frequently use social media to harvest information about potential targets for social engineering purposes.

#3 DOUBLE YOUR LOGIN PROTECTION TO STOP DATA BREACHES IN THEIR TRACKS

Enable multi-factor authentication (MFA) for added protection. It ensures that the only person who has access to your account is you. Use it for email, banking, social media, and any other service that supports it.

#4 SECURE YOUR HOME NETWORK

Cybercriminals can access all your connected devices via your home router. As more staff work from home, it’s important to secure your home Wi-Fi by setting the password to something complex and personal. Ensure that you have changed the default password on smart devices.

#5 USE A LONG PASSPHRASE PASSWORD

Combine three random words together, with two numbers. Capitalize some characters.

#6 KEEP YOUR SOFTWARE UP TO DATE

Out-of-date devices create opportunities for malicious hackers.

#7 SOCIAL MEDIA IS PART OF THE FRAUD TOOLSET

Cybercriminals can gather corporate data about your business partners and vendors, as well as HR and financial departments, by searching Google and scanning your business social media accounts. It’s used for social engineering.

#8 A CYBER ATTACK ONLY NEEDS TO HAPPEN ONCE

Many breaches can be traced back to a single phishing attempt, security vulnerability, or instance of accidental exposure. Do not click on unknown links, be wary of unusual sources, and delete suspicious messages.

#9 BACK UP YOUR DATA

Back up all your data to another device or third-party cloud service in case your device is compromised. Remember 💡 Synchronisation services such as OneDrive and Dropbox are not data backup solutions. The changes ransomware makes can damage synchronized copies too. Be sure to periodically back up any data that cannot be recreated such as photos or personal documents.

#10 STOP AUTO CONNECTING

Make sure your device doesn’t automatically seek and connect to open wireless networks or Bluetooth devices. This opens the door for cybercriminals to remotely access your device and gain access to sensitive information. Disable these features so the choice to connect to a secure network is in your hands.

#11 AVOID SENSITIVE ACTIVITIES ON PUBLIC WIFI

Do not trust any network without an access password, and consider using a VPN to keep your confidential data private when using public networks.

#12 LIMIT WHAT INFORMATION YOU POST ON SOCIAL MEDIA

Many people don’t realize that personal posts on social media are all that criminals need to know to target you, your loved ones, and your physical belongings – online and in the real world. This includes: Full names, Postal addresses, Birthdays, Children, Holidays, and Location

#13 NEVER LEAVE YOUR MOBILE DEVICES UNATTENDED

Keep your devices secured in taxis, at airports, on airplanes, and in your hotel room. Never leave your equipment unattended in a public place. Enable “automatic lock” functionality where available.

#14 PLAY HARD TO GET

No, this is not love advice 😊 Cybercriminals use social engineering tactics, hoping to fool their victims. If an email looks “phishy,” do not respond and do not click on any links or attachments.

When available, use the “junk” or “block” option to no longer receive messages from a particular sender.

#15 CHECK YOUR APP PERMISSIONS

Your mobile device can have suspicious apps running in the background or using default permissions you never realized you approved. Use the “rule of least privilege” to delete permissions that you don’t need or no longer use.

#16 PROTECT YOUR DEVICES WITH ANTIVIRUS SOFTWARE

Make sure your device’s security software scans for viruses and malware. That includes your personal devices too, especially if you have work-related data on there.

#17 FILE SHARING BETWEEN DEVICES SHOULD BE DISABLED WHEN NOT NEEDED

You may want to consider creating a dedicated directory for file sharing and restricting access to all other directories. You should always only choose to allow file sharing over home or work networks. Never on public networks.

#18 GET ASSISTANCE TO SECURE YOUR NETWORK

Check the customer support area of your ISP or router manufacturer’s website for specific suggestions to assist in securing your wireless network.

#19 USE A VPN (VIRTUAL PRIVATE NETWORK)

VPNs encrypt connections at the sending and receiving ends and keep out traffic that is not properly encrypted. VPNs allow employees to connect securely to their network when away from the office.

#20 KNOW WHO IS ON YOUR NETWORK

Most wireless access points and wireless routers let you see which devices are connected. Review these lists frequently for any devices that are unfamiliar, either blocking those that are unfamiliar or changing WiFi passwords to keep unauthorized devices out.

#21 DON’T TELL ANYONE YOUR PASSWORDS

Seems like an obvious one, but you would be amazed how many people write down their passwords or share their login credentials via email. Every time you share or reuse a password, it chips away at your security by opening more ways with which it could be misused or stolen.

#22 UPDATE YOUR SOCIAL MEDIA PRIVACY SETTINGS

Disable geotagging. It allows anyone to see where you are, and where you aren’t, at any given time.

#23 CHECK FOR THE “GREEN LOCK”

Practice safe surfing wherever you are by checking for the “green lock” or padlock icon in your browser bar when making financial transactions. It indicates a secure connection that has undergone extended validation, and that the business you are dealing with takes the security of your transaction seriously.

#24 SHARE WITH CARE

Even if you delete a post or picture from your profile seconds after posting it, chances are someone still saw it. Think before you post.

#25 USE A PASSWORD MANAGER

A password manager is the most secure way to store all your unique passwords. With just one password, you can create unique passwords for every account that you have.

#26 BE WARY OF COMMUNICATIONS THAT IMPLORE YOU TO ACT IMMEDIATELY

Cybercriminals will always attempt to create a sense of urgency, causing the recipient to fear their account or information is in jeopardy, or that they are about to miss out on something.

#27 BE WARY OF HYPERLINKS

Hover over links to verify they are authentic. Ensure that URLs begin with “https.” This indicates encryption is enabled to protect your information. Watch out for “lookalike” domains, such as “myb4nk.com”.

#28 UTILISE A FIREWALL

Firewalls can prevent some cyber attacks by limiting malicious traffic. They can also restrict unnecessary outbound communications.

#29 DOUBLE CHECK EMAIL ADDRESSES and ATTACHMENTS

It is common for cybercriminals to alter the return address so that it looks like the message came from someone other than the sender. Before opening any attachments, verify that the message is legitimate by contacting the person who sent it. Be especially wary of unsolicited attachments.

#30 UTILISE THE “GUEST” ACCOUNT OPTION ON WIFI

A widely used feature on many wireless routers, it allows you to grant wireless access to guests on a separate wireless channel with a separate password. This maintains the privacy of your primary credentials.

#31 WATCH OUT FOR PHISHING 🎣

Its goal is to gain sensitive information about you and use it to make unauthorized purchases or to gain access to a secure system. Be a cynic. Always suspicious of unexpected emails.

#32 USE UNIQUE PASSWORDS

Too many people fall into the trap of using the same or very similar password for all accounts.

Cybercriminals try to use stolen passwords from one service to log into other services, known as “credential stuffing.” Defeat this by using a unique strong password for each service.

Bonus: Use a password management app to set random passwords for each account.

#33 UNDERSTAND AND FOLLOW COMPANY POLICIES

To maintain information security, your company may have developed a number of policies.

This could include a:

Work From Home (WFH) policy

  • Acceptable Use policy
  • Data Security policy
  • Cryptographic policy

If you are uncertain about your employer’s data security expectations, we recommend you request clarification from them or review their policies again.

#34 IF IN DOUBT, REPORT TO YOUR IT DEPARTMENT

Timing is everything with cyber security, so don’t be afraid to report a cyber security incident.

Especially, when you’re at fault. Your IT team will thank you for it.

(Obviously, not the part where you clicked on the link 😉).”

Summary

As the digital landscape continues to evolve at an unprecedented pace, small and medium businesses (SMBs) face a constantly evolving and intricate web of cyber threats that can potentially compromise their operations, finances, and reputation. The expanding interconnectedness of networks, combined with the ingenuity of cybercriminals, has elevated the urgency for SMBs to fortify their cybersecurity defenses.

The cyber threat landscape outlined in this article, based on insights from industry experts and sources like Embroker, underscores the growing complexity of challenges that SMBs must confront. From the subtle manipulation of social engineering to the ever-evolving tactics of ransomware attackers, each threat demands vigilance and strategic preparation. Moreover, the surge in remote work, cloud adoption, and IoT connectivity bring new dimensions to the battlefield, requiring SMBs to adapt their security measures accordingly.

While the challenges are significant, there is ample room for optimism. The strategies and recommendations presented here offer SMBs a roadmap to resilience. By fostering a culture of cybersecurity awareness, implementing robust data management practices, and leveraging advanced technologies such as VPNs and multi-factor authentication, SMBs can actively defend against the array of threats they face. Equally important is staying informed, as cybersecurity is a dynamic field where knowledge can mean the difference between prevention and breach.

In a world where cyber threats are a constant reality, SMBs must embrace the imperative to evolve and adapt. By understanding the current threat landscape, implementing proactive measures, and fostering a security-conscious mindset across their organizations, SMBs can not only survive in the digital frontier but also thrive in an environment where cyber resilience is a competitive advantage.

At Adaptive Office Solutions, cybersecurity is our specialty. We keep cybercrimes at bay by using analysis, forensics, and reverse engineering to prevent malware attempts and patch vulnerability issues. By making an investment in multilayered cybersecurity, you can leverage our expertise to boost your defenses, mitigate risks, and protect your data with next-gen IT security solutions.

Every single device that connects to the internet poses a cyber security threat, including that innocent-looking smartwatch you’re wearing. Adaptive’s wide range of experience and certifications fills the gaps in your business’s IT infrastructure and dramatically increases the effectiveness of your cybersecurity posture.

Using our proactive cybersecurity management, cutting-edge network security tools, and comprehensive business IT solutions, you can lower your costs through systems that are running at their prime, creating greater efficiency and preventing data loss and costly downtime. With Adaptive Office Solutions by your side, we’ll help you navigate the complexities of cybersecurity so you can achieve business success without worrying about online threats.

To schedule a Cyber Security Risk Review, call the Adaptive Office Solutions’ hotline at 506-624-9480 or email us at helpdesk@adaptiveoffice.ca

Categories
Archives