Small to medium businesses (SMBs) remain exposed to cyberattacks. SMBs typically don’t have the budget to invest in capable security solutions to establish a strong security posture. This makes them an easy target for cybercriminals. Seventy-six percent of SMBs in the US have reported a cyberattack in 2019.
Hackers can now use various methods to infiltrate a system. They can run automated scripts to look for vulnerable networks and bypass security. Hackers can also use sophisticated and targeted attacks such as spear phishing to steal sensitive data. The customer data they obtain can fetch a fair price on the dark web. Unfortunately, experts say that the number and sophistication of cyberattacks will only continue to grow in 2020.
Suffering from a single data breach can have dire consequences for businesses. Firms lose an average of $369,000 due to cyberattacks. As such, it’s critical for SMBs to tighten up their defenses. They must be always aware of the latest threats and explore cost-effective solutions to help mitigate them.
Here are four key cybersecurity concerns SMBs have to face in 2020 and what they can do about it.
1. Ransomware is evolving
One of the most common cybersecurity threats SMBs face is ransomware. Ransomware is a type of malware that encrypts files and restricts user access unless a ransom is made. It can cause downtime, corruption of data, and financial losses. 55 percent of SMBs say they would pay up after a ransomware attack.
To exploit more companies and get bigger payloads, advanced persistent threat (APT) groups have doubled down on their efforts to develop more powerful ransomware threats. For example, a new type of ransomware was spotted last December that combines data exfiltration and encryption to force more ransom payments.
APT groups are quite sneaky and can continuously introduce malware into target systems. Simply installing antiviruses on endpoints may not be enough to prevent a ransomware attack.
An emerging way to routinely test if security measures work is through breach and attack simulation (BAS). BAS platforms like Cymulate, can check if networks have vulnerabilities that would allow APTs to introduce malware. They can also test the effectiveness of antiviruses by simulating if the malware can deploy its payload and even exfiltrate data. The platform allows tests to be scheduled and launched automatically, providing means for companies to have continuous security testing and risk assessment. This way, companies can identify which of their security components need to be strengthened or even replaced at all times.
2. Smart devices still have poor security
Internet-of-Things (IoT) devices are becoming popular even with SMBs as offices begin to use smart thermostats, lighting, and various connected appliances. Cheap devices have already flooded the market. Unfortunately, since security standards for IoT device manufacturers are still poorly defined and adopted, most devices lack the right security features to prevent most common hacks.
To address this, SMBs must first consider acquiring only those devices that feature essential security features such as access controls, firm updates, and security protocols. They must also ensure not to let these devices operate in their default out-of-the-box states. Most default passwords are known publicly, allowing attackers and malware to hijack such devices.
Organizations can also improve their network security by adopting web application firewalls (WAFs). Imperva’s WAF analyzes all requests to applications and screens those coming from malicious sources. Preventing bad traffic is an effective way to stop attacks from even reaching devices in the first place. The service can be deployed both on cloud and on-premises apps.
3. Companies lack access controls
Cloud adoption in SMBs is increasing. Small businesses have turned to digital solutions to improve their operations and boost efficiencies. However, they may just be making themselves even more vulnerable due to poor password security. Password sharing and reuse are common employee practices. About 80 percent of hacking-related breaches are caused by compromised passwords.
Single sign-on solutions such as OneLogin can help small businesses implement strict access controls and authorize select individuals to access specific apps. The platform also offers a multi-factor authentication (MFA) feature to add another layer of security. SMBs can also adopt a password manager such as LastPass that can generate strong passwords for each staff member and detect suspicious login attempts.
4. Compliance will matter
Privacy regulations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) that aim to improve data protection are making businesses more accountable for the data they collect. Businesses must now collect, manage, and protect customer data based on the provisions of these regulations.
Failing to comply can result in potential lawsuits and hefty fines. Digital marketing agency Bisnode, for example, was fined €220,000 (approximately $238,000) for GDPR non-compliance in 2019.
SMBs can turn to law firms that offer assistance from GDPR consultants, security experts, and legal advisors to properly respond to data breaches and minimize their potential exposure to further costs due to fines and litigation.
Setting up a defense
It’s critical for SMBs to implement strategies that can help protect their organizations from various threats. They can adopt capable security solutions, establish policies, and conduct sufficient training for their employees. While these can help, SMBs must remain vigilant and establish a privacy-first mindset in their organizations. Ultimately, it will take everyone’s multi-approach efforts to keep their system and its data protected.