Tips small businesses can use to strengthen their cyber health

While cyberattacks targeting large corporations or government agencies tend to make splashy headlines, the truth is that many attackers are shifting their priorities to focus on small businesses. Unfortunately, these smaller businesses generally lack the resources and security capabilities of larger organizations. In fact, 83% of small business owners report handling cybersecurity matters themselves.

Although small businesses may not have the financial resources of larger enterprises, they do possess a trove of business and customer information that can net attackers a tidy profit either via ransomware or sale on the dark web. Understanding today’s threats—and how to defend against them—has grown increasingly critical for small businesses. Here are a few of the most common attack vectors that they should be prepared to face.

For Small Businesses, Cyberattacks Can Be Crushing

The 2020 Verizon Data Breach Investigations Report (DBIR) found that 28% of breaches involved small business victims. Ransomware demands have also skyrocketed, with the average payment jumping from $111,000 to $178,000 in 2020 alone—a 60% increase in less than a calendar year. With these numbers sharply on the rise, it is not surprising that 60% of victims go out of business within six months of an attack.

The COVID-19 pandemic also created new opportunities for attackers to strike, particularly as businesses rapidly adjusted to remote work. As COVID-19 vaccines enter distribution, attackers will see this as a new and lucrative opportunity. Security pros have already discovered wide-ranging cyberattacks targeting large and small businesses up and down the supply chain. With attackers only growing more determined, companies should look to shore up their networks against a wide variety of attack vectors. They should also establish additional visibility into attackers seeking to secure privileges and move laterally to further their attacks.

Credential Theft Continues to Loom Large

According to the DBIR, 80% of hacking-related breaches involve brute force attacks or stolen credentials. Poorly secured credentials represent a problem that affects businesses large and small, with incidents ranging from last year’s Twitter hack to a recent ransomware incident that forced two Michigan doctors to shut down their practices. Attackers attempt to get their hands on these credentials in various ways, including phishing scams and searching unsecured endpoints for exposed credentials. Many of today’s small businesses use Active Directory, a popular target for attackers looking to escalate their privileges.

Recent surveys have shown that privileged access was used in three out of four attacks, demonstrating how vulnerable organizations are when they cannot prevent the theft of credentials and privilege escalation activities. Finding and remediating these exposed credentials before attackers identify and exploit them is essential. Businesses can turn the situation to their advantage by seeding their networks with deceptive credentials that trick intruders into exposing themselves. Defenders can then neutralize the attack and gather adversary intelligence to better prepare for the next attack.

Ransomware Is on the Rise

Though specific estimates vary, security experts all agree that ransomware attacks have risen at an astonishing rate amid the pandemic. Ransomware as a Service (RaaS) has become increasingly common, effectively lowering the barrier to entry for would-be cyberattackers by making ransomware software available for purchase on the dark web. One small business in Kentucky recently paid a $150,000 Bitcoin ransom to gain back control of its systems, and they were hardly alone.

Ransomware is notoriously difficult to stop because attacks tend to move low and slow to probe the network for information. They use “living off the land” techniques and steal credentials to mimic employee behavior as they quietly move laterally through the network to establish their foothold. Organizations need strong in-network protections capable of detecting lateral movement and privilege escalation to prevent these attacks. Using modern concealment technology to hide real files, credentials, and assets as well as sprinkling false ones throughout the network can efficiently serve to prevent ransomware and stop any live attack in its tracks.

Cloud Misconfiguration Visibility is a Growing Problem

The growth of cloud computing (especially amid the rise of remote work during the COVID-19 crisis) has made networks more complex. Unfortunately, misconfigurations often leave security gaps for attackers to exploit. The DBIR noted that error-driven breaches caused by misconfigurations rose by 20 percentage points in its most recent report—and that was before the effects of the pandemic had fully taken hold.

It is more important than ever for small businesses to understand the shared security model. Namely, cloud providers may protect the infrastructure, but data protection often still lies in the hands of the business. Small businesses cannot operate under the assumption that the cloud provider will take care of everything. Instead, they should seek out tools to provide them with network visibility and help identify misconfigurations and other security gaps before attackers can exploit them.

Understand Today’s Threats and Practice Good Cyber Hygiene

While credential theft, ransomware, and exploiting misconfigurations are not the only tactics cybercriminals use, they are among the most common. Modern innovations have introduced new tools that are extremely effective in defending against advanced attack techniques and can strengthen a small business’s cybersecurity posture across the board. Attack path visibility, lateral movement detection, and the use of deceptive concealment and decoy assets can help turn the tables in favor of defenders, making life harder for cybercriminals and prompting them to give up or seek out easier prey. Making life difficult for attackers is one of the most effective tactics for defenders, and today’s cybersecurity tools make it easier for every small businesses to efficiently and safely protect their businesses.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.

Organizations rely on application innovation, particularly API-driven applications, to fuel their business transformation and growth. Attackers know this and are constantly looking for ways to find the unfindable and break the unbreakable. They’ve got tools, motivation, and time on their side.