It’s a dangerous misconception that smaller companies aren’t a target and, therefore, don’t need to focus on security. SMBs are ever more vulnerable to massive losses due to the rise in cybercrime.
“Just because a business is relatively small doesn’t mean it won’t be targeted by a rapidly growing number of sophisticated digital criminal rings,” says Scott Chasin, CTO at Pax8. “It is very important that we debunk the myth that SMBs are left alone because their business is simply too small to be worth the effort. This is not the case.”
Chasin joined Pax8 earlier this year and oversees a growing and expansive team of engineers, who manage research and development initiatives, and intellectual property for the company , as well as fully vetting security vendors on the company’s cloud marketplace. That marketplace now features more than 20 cybersecurity vendors.
“As attackers increasingly automate attacks, it’s easy for them to target hundreds, if not thousands of small businesses at one time,” Chasin said. “Automation, AI, and Machine Learning promise tremendous advances in the world of IT, but in this case, criminals are investing in lights-out systems that can crawl the web to find companies across every industry category and detect vulnerabilities with no human intervention, and that is frightening. Small businesses often have less stringent measures in place to protect their network, applications, employees, customers, and data, and no plan in place to respond to a surprise attack.”
Chasin is passionate about raising visibility around risks that can be catastrophic for a small or medium- size business.
“SMBs can be easier targets for hackers than bigger organizations, which is why the incidents we know about, the incidents that are tracked, are occurring at much higher growth rates than attacks on what one would assume are more lucrative targets,” Chasin explained.
Even the very smallest businesses can deal with large sums of money and have access to customer data, which, under regulations in the US, including very stringent privacy and security regulations in the state of California and in Europe GDPR, they are obligated to protect.
According to an IBM annual study, the financial consequences of a data breach can be particularly acute for small and mid-size businesses. In the study, companies with fewer than 500 employees suffered losses of more than $2.5 million on average.
“For SMBs, the relative risk is much higher, and their ability to recover much more difficult,” Chasin said. “Losing this amount of money can be devastating and even fatal to small businesses, including reputational risk.”
Phishing accounts for 90% of all breaches that organizations face; they’ve grown 65% over the last year and account for over $12 billion in business losses. Phishing attacks occur when an attacker pretends to be a trusted contact and entices a user to click a malicious link, download a malicious file, or give them access to sensitive information, account details, or credentials.
The biggest and widespread threats facing small businesses are phishing attacks, according to experts. Phishing accounts are responsible for around 32% of confirmed data breaches and 78% of all cybercrimes.
“Today’s phishing attacks are far more sophisticated and pervasive,” Chasin said. “They can happen when a hacker pretends to be a colleague, a partner, a friend, or even the CEO of the company and lures their targets – employees of the company – to click a malicious link, download a malicious file, or give them access to account details, credentials, payment information, customer information and more. The good news is there are solutions now that help warns or stop employees from clicking on malicious links – cloud-based, affordable solutions that can be put in place in minutes and report back on unusual activities.”
There has also been a rise in business email compromise, where criminals steal email account passwords from the highest-level executives, then tunnel into databases, enterprise applications, email systems, financial systems, and more.
“It makes sense to go straight to the top,” Chasin said, “because often the C-suite has the most privileges and even unfettered privileges, which can even include bank accounts.”
Other trending threats, according to Chasin, include malware (trojans, viruses, and malicious code), ransomware (encrypting company data so that it cannot be used or accessed, and then forcing the company to pay a ransom to unlock the data), and old-fashioned password management.
“SMBs are using more cloud-based services, which means more portals, more passwords, more people using their preferred collaboration and storage services, and more,” Chasin said. “Have you ever wondered what might be stored in Dropbox or Box? In Microsoft Teams, Slack, or hundreds of other cloud productivity platforms? It’s complicated, it’s risky, and only with the best solutions, from Multi-Factor Authentication to password change automation, to secure password generation, can every organization protect their assets and business.”
The work from anywhere world is only making security challenges harder.
“Without security solutions in place, SMBs cannot possibly effectively manage so many employees, accounts, devices, and applications,” he said. “The cloud is incredibly powerful, but especially given the mix of public clouds, private clouds, public Internet access, private VPN access, local WiFi routers which can also be compromised – the fact is that the investment in cloud and XaaS can turn into a nightmare if businesses do not establish and dynamically evolve their defenses. We are passionate about bringing the best, fully vetted, most efficient, and affordable cyber solutions to our MSP partners, who are better serving their customers as not just Managed Service Providers but Managed Security Service Providers, given the critical importance of keeping communications and computing infrastructure and assets safe. This is a huge part of our mission.”
Edited by
Erik Linask
