Due to the Covid-19 outbreak, almost every industry, including SMBs, the education sector, remote work environments, health care, etc., has been hit by various cybersecurity attacks. According to a survey conducted by the University of Maryland, hackers attack every 39 seconds, on average 2244 times a day. There are approximately 30.2 million SMBs in the US, and not all of them have the capacity to deal with cybersecurity attacks or breaches. SMBs serve as a soft target for cybercriminals because of their less advanced security infrastructure and the low number of trained cybersecurity staff who can respond to threats and provide a mitigation plan. A study found that 43% of SMBs don't have a cybersecurity defense plan in place at all, which leaves their most sensitive financial, customer and business data, and ultimately their companies, at significant risk. In this section, we will take a glance at the top ten cybersecurity challenges faced by small and medium businesses.
1. Phishing Attacks
Phishing attacks are commonly categorized as social engineering attacks in which an adversary masquerades as a trusted source and tricks the victim into opening an email or instant message to view its content. The victim is tricked into clicking a malicious link contained in the email or message, which leads to the installation of malware, resulting in the disclosure of sensitive information or in the system slowing down as part of a ransomware attack. According to the F5 2020 Phishing and Fraud Report, there has been a significant increase in phishing attacks compared to past years. The year 2020 is on target to see a 15% increase in phishing incidents. The Verizon 2020 Data Breach Investigation Report pointed out that the use of malware and Trojans has decreased while attackers are more inclined towards the use of phishing. As a social action, phishing is achieved 96% of the time via email, 3% via website, and only 1% using SMS.
2. Ransomware Attacks
Ransomware is a type of malware that prevents users from accessing their system or personal files and then demands a ransom payment in order to regain access. Ransomware attacks are usually carried out via social engineering, i.e. sending spam email that appears to come from a trusted source, looks very enticing to the user, and contains malicious attachments or links. Once clicked, the malware starts to infect the system, usually slowing it down and displaying a ransom note. In most cases, personal files or drives are encrypted and can only be decrypted using a key provided by the adversary once the ransom has been paid. According to a survey, 46% of SMBs have been the targets of a ransomware attack, and 73% of those companies have paid a ransom.
3. DDoS
Distributed Denial of Service (DDoS) is a cyber-attack on a server, website or network that floods it with huge amounts of internet traffic, which overwhelms the target's resources in terms of bandwidth, system resources, etc., and renders it unavailable to its intended users. These types of attacks are usually carried out by a network of compromised or hacked systems known as a botnet, which is controlled by a C&C (Command and Control) server. A single compromised system is known as a bot. These botnets are controlled by cybercriminals and come into action once the C&C server sends commands to overwhelm a target resource. DDoS attacks are divided into the following categories:
- Volumetric Attacks
- Application-layer Attacks
- Protocol Attacks
4. Remote Worker Endpoint Security
Due to Covid-19, the sudden shift to work from home was overwhelming for many organizations. As per the Fortinet 2020 Remote Workforce Cybersecurity report, 60% of organizations reported cybersecurity breach attempts during the work-from-home transition, while 34% reported an actual breach in their networks. Cybercriminals treated the pandemic as a golden opportunity to exploit systems, as most of them did not employ basic endpoint security. The VPNs that SMBs used were not enough to support a fully remote workforce, which led to data breaches.
5. Insider Threats
An insider threat is a security risk that originates from within an organization. The threat actors include current or former disgruntled employees, consultants, contractors, or advisors of an organization. A study conducted by the Ponemon Institute shows that the average cost across the globe related to insider threats rose by 31% in two years to $11.45 million, and the frequency of incidents spiked by 47% during the same period of time. Insider threats are categorized into the following types:
- Turncloak: A malicious user who intentionally leaks sensitive information or credentials for personal or financial incentives
- Careless Insider: An employee of the organization who accidentally exposes the system to outside threats, e.g., an employee might accidentally click on a malicious link, leading to the installation of malware and compromising the organization's infrastructure
- Mole: An imposter who is an outsider but manages to get access to the inside network by gaining access to a privileged network.
6. Malware Attacks
Malware is a broad term for malicious code that adversaries/hackers use to gain access to systems, networks, and sensitive data. The sole purpose of malware is to steal data, destroy data, and gain unauthorized access to systems by planting backdoors. Common sources of malware infection are malicious websites, downloads of malicious software, and connections to infected systems, networks or websites, etc.
7. Shortage of Cybersecurity Professionals
One of the noticeable challenges faced by SMBs is the shortage of cybersecurity talent. A survey conducted by a global non-profit pointed out that, due to the Covid-19 pandemic, cybersecurity attacks increased by 63%.
“We are outnumbered—the people that are doing bad things, whether it’s a nation-state type of activity or cybercrime—the good guys and gals were vastly outnumbered prior to the pandemic,” says David Shearer, CEO of (ISC)2.