Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Enterprise ServicesSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceCybersecurity News

Tips small businesses can use to strengthen their cyber health

By Carolyn Crandall
cyber hack
March 15, 2021

While cyberattacks targeting large corporations or government agencies tend to make splashy headlines, the truth is that many attackers are shifting their priorities to focus on small businesses. Unfortunately, these smaller businesses generally lack the resources and security capabilities of larger organizations. In fact, 83% of small business owners report handling cybersecurity matters themselves.

Although small businesses may not have the financial resources of larger enterprises, they do possess a trove of business and customer information that can net attackers a tidy profit either via ransomware or sale on the dark web. Understanding today’s threats—and how to defend against them—has grown increasingly critical for small businesses. Here are a few of the most common attack vectors that they should be prepared to face.

 

For Small Businesses, Cyberattacks Can Be Crushing

The 2020 Verizon Data Breach Investigations Report (DBIR) found that 28% of breaches involved small business victims. Ransomware demands have also skyrocketed, with the average payment jumping from $111,000 to $178,000 in 2020 alone—a 60% increase in less than a calendar year. With these numbers sharply on the rise, it is not surprising that 60% of victims go out of business within six months of an attack.

The COVID-19 pandemic also created new opportunities for attackers to strike, particularly as businesses rapidly adjusted to remote work. As COVID-19 vaccines enter distribution, attackers will see this as a new and lucrative opportunity. Security pros have already discovered wide-ranging cyberattacks targeting large and small businesses up and down the supply chain. With attackers only growing more determined, companies should look to shore up their networks against a wide variety of attack vectors. They should also establish additional visibility into attackers seeking to secure privileges and move laterally to further their attacks.

 

Credential Theft Continues to Loom Large

According to the DBIR, 80% of hacking-related breaches involve brute force attacks or stolen credentials. Poorly secured credentials represent a problem that affects businesses large and small, with incidents ranging from last year’s Twitter hack to a recent ransomware incident that forced two Michigan doctors to shut down their practices. Attackers attempt to get their hands on these credentials in various ways, including phishing scams and searching unsecured endpoints for exposed credentials. Many of today’s small businesses use Active Directory, a popular target for attackers looking to escalate their privileges.

Recent surveys have shown that privileged access was used in three out of four attacks, demonstrating how vulnerable organizations are when they cannot prevent the theft of credentials and privilege escalation activities. Finding and remediating these exposed credentials before attackers identify and exploit them is essential. Businesses can turn the situation to their advantage by seeding their networks with deceptive credentials that trick intruders into exposing themselves. Defenders can then neutralize the attack and gather adversary intelligence to better prepare for the next attack.

 

Ransomware Is on the Rise

Though specific estimates vary, security experts all agree that ransomware attacks have risen at an astonishing rate amid the pandemic. Ransomware as a Service (RaaS) has become increasingly common, effectively lowering the barrier to entry for would-be cyberattackers by making ransomware software available for purchase on the dark web. One small business in Kentucky recently paid a $150,000 Bitcoin ransom to gain back control of its systems, and they were hardly alone.

Ransomware is notoriously difficult to stop because attacks tend to move low and slow to probe the network for information. They use “living off the land” techniques and steal credentials to mimic employee behavior as they quietly move laterally through the network to establish their foothold. Organizations need strong in-network protections capable of detecting lateral movement and privilege escalation to prevent these attacks. Using modern concealment technology to hide real files, credentials, and assets as well as sprinkling false ones throughout the network can efficiently serve to prevent ransomware and stop any live attack in its tracks.

 

Cloud Misconfiguration Visibility is a Growing Problem

The growth of cloud computing (especially amid the rise of remote work during the COVID-19 crisis) has made networks more complex. Unfortunately, misconfigurations often leave security gaps for attackers to exploit. The DBIR noted that error-driven breaches caused by misconfigurations rose by 20 percentage points in its most recent report—and that was before the effects of the pandemic had fully taken hold.

It is more important than ever for small businesses to understand the shared security model. Namely, cloud providers may protect the infrastructure, but data protection often still lies in the hands of the business. Small businesses cannot operate under the assumption that the cloud provider will take care of everything. Instead, they should seek out tools to provide them with network visibility and help identify misconfigurations and other security gaps before attackers can exploit them.

 

Understand Today’s Threats and Practice Good Cyber Hygiene

While credential theft, ransomware, and exploiting misconfigurations are not the only tactics cybercriminals use, they are among the most common. Modern innovations have introduced new tools that are extremely effective in defending against advanced attack techniques and can strengthen a small business’s cybersecurity posture across the board. Attack path visibility, lateral movement detection, and the use of deceptive concealment and decoy assets can help turn the tables in favor of defenders, making life harder for cybercriminals and prompting them to give up or seek out easier prey. Making life difficult for attackers is one of the most effective tactics for defenders, and today’s cybersecurity tools make it easier for every small businesses to efficiently and safely protect their businesses.

KEYWORDS: cyber security ransomware Small and mid-sized (SMB) business security

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Carolyn crandall 200px

Carolyn Crandall holds the roles of Chief Security Advocate and CMO for Cymulate. She is a high-impact technology executive with more than 30 years of experience.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Leadership and Management
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Security Leadership and Management
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Technologies & Solutions
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Sureview screen
    Sponsored bySureView Systems

    The Evolution of Automation in the Command Center

  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

Popular Stories

Rendered computer with keyboard

16B Login Credentials Exposed in World’s Largest Data Breach

Verizon on phone screen

61M Records Listed for Sale Online, Allegedly Belong to Verizon

Security camera

40,000 IoT Security Cameras Are Exposed Online

Security’s 2025 Women in Security

Security’s 2025 Women in Security

Red spiderweb

From Retail to Insurance, Scattered Spider Changes Targets

2025 Security Benchmark banner

Events

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

What do zebras, school groups and high-tech surveillance have in common? They're all part of a day’s work for the security team at the Toledo Zoo.

August 7, 2025

Threats to the Energy Sector: Implications for Corporate and National Security

The energy sector has found itself in the crosshairs of virtually every bad actor on the global stage.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • smb-cyber

    How small businesses and restaurants can protect themselves from cyber threats

    See More
  • Fraud Cybersecurity Banking in Canada

    How Small Businesses Can Improve Cybersecurity Without Breaking the Bank

    See More
  • Hacker graphic over map

    10 tips for small businesses to prevent cyberattacks

    See More

Related Products

See More Products
  • school security.jpg

    School Security: How to Build and Strengthen a School Safety Program

  • 1119490936.jpg

    Solving Cyber Risk: Protecting Your Company and Society

  • 9780367339456.jpg.jpg.jpg

    Cyber Strategy: Risk-Driven Security and Resiliency

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing