Cyber threats frequently target small and medium-sized businesses (SMBs), often more than larger firms, because SMBs typically have fewer protection measures in place and are therefore more susceptible. According to the 2021 Verizon Data Breach Investigations Report, 62% of companies in the Americas experienced a data breach in 2021, of which 20% of the breach victims were small and medium-sized businesses, with a median loss of $21,659 as the cost of the breach.
More soberingly, according to the National Cybersecurity Alliance, 60% of small businesses that experience significant data loss are forced to close within 6 months of the disaster. An incredible 72% close within two years.
Most attacks will seem to take place overnight, but in fact they have probably been under way for days, weeks or months before you find out. This is not surprising, as small and medium businesses rarely have the budgets and headcount to defend against cyberattacks. Below we detail how we at Astris CSP take action to defend our clients against the top cyberattacks SMBs face.
To start, plain good security practices and training will help to keep your data safe; we also employ a range of advanced third-party software and tools to add protection. For example, we use Microsoft’s Defender suite on our clients’ devices to further safeguard your site and monitor for potential threats.
The Top Four Cyberthreats Facing Small and Medium Businesses
1. Ransomware
Ransomware attacks vary widely, but all of them are designed and executed to force you into paying a ransom to get your data and your clients’ data back. Often it will not stop there, and the attackers will demand a second ransom to stop your data and your clients’ data being sold or published online.
There are many examples of successful ransomware attacks; the Colonial Pipeline attack was perhaps the most recent high-profile example. A $5 million ransom was paid to regain access to files, data and systems. A more service-based example was the city of Baltimore, which was forced to stop processing all payments in and out.
Ransomware often follows a set of steps before a ransom is demanded. It normally begins with gaining access to your network, usually through phishing, social engineering or, more rarely, a web application attack. The attacker’s first goal is usually to acquire a set of credentials from one of your staff, which they then use to deploy ransomware to every file and computer they can reach.
How Astris CSP defends against Ransomware
While there is no perfect defence against ransomware, Astris CSP provides a strong defence in depth. Firstly, we deploy an advanced malware detection solution, since small businesses receive 94% of their malware via email. In addition, we work with our clients to run training sessions and test their ability to detect malware.
Once an attacker has gained access to a set of user credentials and a computer to work from, there is very little you can do to prevent the attack. It is like a hurricane: it cannot be stopped, but it can be prepared for and its impact mitigated to a large extent.
We deploy file storage systems for our clients that automatically detect a ransomware attack in progress and isolate the files it has not yet touched. We combine this with good backup policies: backups are not accessible from users’ normal work environments, keeping them separate from the attack.
This can be the difference between paying a hefty ransom and simply restoring the few encrypted systems from backups.
Backing up your data and maintaining a strong incident response policy are always good ideas, regardless of the context. When it comes to ransomware mitigation, keeping good backups in a safe location can be the difference between paying a ransom of thousands of dollars and quickly identifying a breach and restoring your data after a brief period of downtime.
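The detect-and-isolate behaviour described above can be illustrated with a small detector over file-server events. This is an added example, not Astris CSP’s product or code: the event format, the list of expected extensions, the entropy threshold and the sample file contents are all constructed for the illustration. It flags a user whose session performs a burst of suspicious file actions (renames to unknown extensions, or writes of near-random bytes, which is what encrypted content looks like) and returns the files that user has not yet touched, the set a storage system would snapshot or make read-only.

```python
import math
import random
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Extensions the file server expects to see in this (constructed) environment.
KNOWN_EXTENSIONS = {"docx", "xlsx", "pptx", "pdf", "txt", "csv"}

# Constructed stand-ins for file content. A real detector samples the bytes
# actually written; here a seeded RNG produces a reproducible "encrypted" blob.
PLAINTEXT = b"Quarterly budget, Q1 2024: revenue 120k, costs 95k\n" * 20
_rng = random.Random(7)
CIPHERTEXT = bytes(_rng.getrandbits(8) for _ in range(1024))


def at(text):
    """Parse an ISO-8601 UTC timestamp such as 2024-03-01T10:00:00Z."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def shannon_entropy(data):
    """Bits of entropy per byte; encrypted or compressed data sits close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def extension(path):
    return path.rsplit(".", 1)[-1].lower() if "." in path else ""


def is_suspicious(event, entropy_threshold=7.0):
    """A rename to an unknown extension, or a write of near-random bytes."""
    if event["action"] == "rename":
        return extension(event["new_path"]) not in KNOWN_EXTENSIONS
    if event["action"] == "write":
        return shannon_entropy(event["data"]) > entropy_threshold
    return False


def detect_ransomware(events, window_seconds=60, min_events=5):
    """Flag users with at least min_events suspicious actions inside one window."""
    by_user = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if is_suspicious(e):
            by_user[e["user"]].append(e)
    flagged = {}
    for user, hits in by_user.items():
        for i, first in enumerate(hits):
            burst = [h for h in hits[i:]
                     if (h["ts"] - first["ts"]).total_seconds() <= window_seconds]
            if len(burst) >= min_events:
                flagged[user] = {"first_seen": first["ts"],
                                 "touched": {h["path"] for h in hits}}
                break
    return flagged


def isolate_untouched(all_files, flagged):
    """Files no flagged user has touched: the set to snapshot or make read-only."""
    touched = set()
    for details in flagged.values():
        touched |= details["touched"]
    return sorted(f for f in all_files if f not in touched)


def ev(when, user, action, path, **extra):
    return {"ts": at(when), "user": user, "action": action, "path": path, **extra}


ALL_FILES = ["shared/budget.xlsx", "shared/invoices.xlsx", "shared/notes.txt",
             "shared/plan.pptx", "shared/report.docx"]

# Constructed file-server event log: alice works normally; bob's session
# overwrites and renames three files in 25 seconds, the signature of a ransomware run.
SAMPLE_EVENTS = [
    ev("2024-03-01T10:00:00Z", "alice", "write", "shared/budget.xlsx", data=PLAINTEXT),
    ev("2024-03-01T10:00:10Z", "bob", "write", "shared/report.docx", data=CIPHERTEXT),
    ev("2024-03-01T10:00:15Z", "bob", "rename", "shared/report.docx", new_path="shared/report.docx.locked"),
    ev("2024-03-01T10:00:20Z", "bob", "write", "shared/invoices.xlsx", data=CIPHERTEXT),
    ev("2024-03-01T10:00:25Z", "bob", "rename", "shared/invoices.xlsx", new_path="shared/invoices.xlsx.locked"),
    ev("2024-03-01T10:00:30Z", "bob", "write", "shared/plan.pptx", data=CIPHERTEXT),
    ev("2024-03-01T10:00:35Z", "bob", "rename", "shared/plan.pptx", new_path="shared/plan.pptx.locked"),
    ev("2024-03-01T10:05:00Z", "alice", "write", "shared/notes.txt", data=PLAINTEXT),
]

if __name__ == "__main__":
    hits = detect_ransomware(SAMPLE_EVENTS)
    print("flagged:", hits)
    print("protect:", isolate_untouched(ALL_FILES, hits))
```

Run as-is, the detector flags bob after his fifth suspicious action and reports budget.xlsx and notes.txt as the files still safe to protect. The window and count thresholds are the tuning knobs: a real deployment sets them from the normal write rate of the share so that a bulk document export does not trip the detector.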
2. Misconfigurations & Unpatched Systems
Misconfigurations and unpatched systems are directly related to the expertise and governance of an IT team, and because deploying and maintaining an IT environment is expensive, this issue is especially acute in small and medium businesses. Misconfigurations most often occur when security settings are not defined and implemented.
Misconfigurations are often seen as an easy target, as they can be easy for attackers to detect.
The most common misconfigurations are unpatched systems, broken access control, sensitive data exposure, and vulnerable and outdated components of an IT environment.
How Astris CSP maintains Patching & Minimizes Misconfigurations
Addressing misconfigurations requires a wide range of skills, and Astris CSP employs Certified Microsoft Azure Solution Experts to develop its clients’ environments. A well-educated technical team is obviously less likely to make mistakes, and will also make better, more experienced decisions about the organization’s security posture. Patch management (keeping systems updated) is achieved, unusually, by not patching at all.
Astris CSP rebuilds its clients’ cloud desktops from clean images weekly, with the latest updates applied. If unusual behaviour is detected or the risk from a particular ransomware strain increases, we rebuild the machine completely and immediately, with no downtime to staff.
Database and application servers managed by Astris CSP within clients’ environments are likewise patched automatically every week and are isolated from staff PCs by firewalls.
3. Credential Stuffing
Credential stuffing is when an attacker uses login details stolen from one website or company to log in to another company’s systems. These credentials are normally acquired in a previous breach or purchased from a seller on the “dark web”.
When Disney Plus had its accounts hacked, Disney found no evidence of an attack. The attackers simply logged in with the victims’ own usernames and passwords, taken from a different site.
Unfortunately, because this type of attack is so easy to carry out, it is becoming increasingly common. With the rise in the number of dark web sellers over the last decade, attackers simply order a list of valid usernames and passwords, much as you might order a book from Amazon.
Using the list of usernames and passwords acquired from the dark web, attackers use a network of bots to attempt to log in to services such as Microsoft 365, Google, AWS and other systems. Once they find a login that works, they have access to that account with little to no evidence of the attack.
These attacks succeed because staff reuse passwords across different websites. A 2019 Google survey showed that 65% of people reuse passwords on multiple accounts, if not all of them, which is why credential stuffing succeeds so often.
How Astris CSP Protects against Credential Stuffing
The reality is that using multi-factor authentication reduces the effectiveness of this type of attack by 95%. With multi-factor authentication in place, the attacker needs access to the victim’s phone to get into the account, even when they have a valid username and password.
Credential stuffing is often combined with an attack called “MFA fatigue”. The attacker repeatedly signs in with a stolen username and password until the staff member presses the ‘Accept’ button on their phone’s authenticator, either to make the prompts stop or by accident. Even highly sophisticated companies like Cisco have fallen victim to this type of attack.
Astris CSP has a multilayer defence against this type of attack. Firstly, we use services that continuously search the dark web to verify that our clients’ credentials are not for sale. Secondly, we check each attempt to access our clients’ systems against a long list of potentially unusual behaviours and rank the risk that the credential has been compromised.
Finally, Astris CSP implements an advanced form of MFA for its clients that requires the staff member to enter, on their phone, a code that is only shown during the login process. This renders nearly all credential stuffing and even MFA fatigue attacks pointless.
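The behaviours described in this section, a sprayed list of usernames from one source and a burst of push prompts that ends in an approval, both leave a recognisable trace in sign-in logs. The following is an added example, not Astris CSP’s risk engine or code: the log format, the MFA result vocabulary (push_denied, push_timeout, push_approved, number_match_ok) and the thresholds are all constructed for the illustration. It parses a handful of constructed sign-in lines, flags source IPs whose pattern matches credential stuffing, flags users who received an MFA fatigue burst, and combines both into a simple per-user risk ranking; note that the user who authenticated with number matching generates no push events at all, which is why that form of MFA removes the fatigue pattern.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sign-in log (not from any real tenant). Each line carries the
# timestamp, user, source IP, password result and MFA result; the MFA values are
# this example's own vocabulary, not a real provider's.
SAMPLE_LOG = """\
2024-03-01T09:00:01Z user=alice ip=203.0.113.7 pw=fail mfa=-
2024-03-01T09:00:02Z user=bob ip=203.0.113.7 pw=fail mfa=-
2024-03-01T09:00:02Z user=carol ip=203.0.113.7 pw=fail mfa=-
2024-03-01T09:00:03Z user=dave ip=203.0.113.7 pw=ok mfa=push_denied
2024-03-01T09:00:03Z user=erin ip=203.0.113.7 pw=fail mfa=-
2024-03-01T09:00:04Z user=frank ip=203.0.113.7 pw=fail mfa=-
2024-03-01T09:01:10Z user=dave ip=203.0.113.7 pw=ok mfa=push_denied
2024-03-01T09:01:45Z user=dave ip=203.0.113.7 pw=ok mfa=push_timeout
2024-03-01T09:02:20Z user=dave ip=203.0.113.7 pw=ok mfa=push_denied
2024-03-01T09:02:55Z user=dave ip=203.0.113.7 pw=ok mfa=push_approved
2024-03-01T09:15:00Z user=alice ip=198.51.100.20 pw=ok mfa=number_match_ok
"""


def parse_signin(line):
    """Parse one constructed sign-in line into a dict with a datetime 'ts'."""
    ts_text, *fields = line.split()
    event = {"ts": datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)}
    for field in fields:
        key, _, value = field.partition("=")
        event[key] = value
    return event


def load_events(text):
    return [parse_signin(line) for line in text.splitlines() if line.strip()]


def detect_credential_stuffing(events, min_distinct_users=5, max_success_ratio=0.2):
    """Return {ip: details} for IPs that tried many usernames with few password successes."""
    per_ip = defaultdict(lambda: {"users": set(), "succeeded": set()})
    for e in events:
        stats = per_ip[e["ip"]]
        stats["users"].add(e["user"])
        if e["pw"] == "ok":
            stats["succeeded"].add(e["user"])
    flagged = {}
    for ip, stats in per_ip.items():
        tried = len(stats["users"])
        if tried >= min_distinct_users and len(stats["succeeded"]) / tried <= max_success_ratio:
            flagged[ip] = {"users_tried": tried, "users_succeeded": sorted(stats["succeeded"])}
    return flagged


def detect_mfa_fatigue(events, window_seconds=300, min_prompts=5):
    """Return {user: details} for users who received a burst of push prompts.

    'approved' is True when the burst ended with an accepted push, the pattern of a
    worn-down user pressing Accept; that sign-in deserves review and session revocation."""
    pushes = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["mfa"].startswith("push_"):
            pushes[e["user"]].append(e)
    flagged = {}
    for user, prompts in pushes.items():
        for i, first in enumerate(prompts):
            burst = [p for p in prompts[i:]
                     if (p["ts"] - first["ts"]).total_seconds() <= window_seconds]
            if len(burst) >= min_prompts:
                flagged[user] = {"prompts": len(burst),
                                 "approved": burst[-1]["mfa"] == "push_approved"}
                break
    return flagged


def rank_credentials(events):
    """Score each user's likelihood of compromise from both detectors, highest first."""
    stuffing_ips = detect_credential_stuffing(events)
    fatigue = detect_mfa_fatigue(events)
    score = defaultdict(int)
    for e in events:
        if e["ip"] in stuffing_ips and e["pw"] == "ok":
            score[e["user"]] = max(score[e["user"]], 2)  # the sprayer knows this password
    for user, details in fatigue.items():
        score[user] += 3 if details["approved"] else 1
    return sorted(score.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    events = load_events(SAMPLE_LOG)
    print("stuffing sources:", detect_credential_stuffing(events))
    print("fatigue targets:", detect_mfa_fatigue(events))
    print("risk ranking:", rank_credentials(events))
```

On the sample, 203.0.113.7 is flagged because six usernames were tried and only one password worked, dave is flagged because five push prompts arrived inside five minutes and the last was approved, and dave tops the ranking because both signals point at the same credential. In practice the ranking feeds a step-up or block decision rather than just a report.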
4. Social Engineering
Social engineering is not the act of compromising a computer system or network, but rather the compromise of a person, which causes them to unintentionally release confidential information. This is nearly always in the form of an email phishing attack where a staff member is tricked into downloading malware or sharing credentials. Typically, this attack is the first step in a multistep cyberattack.
Over 70% of social engineering and phishing incidents are first identified by your clients or business partners, meaning that compromised staff members usually don’t realize they’ve been tricked. Unfortunately, attackers are always developing new ways to evade automated security tools.
How Astris CSP defends against Social Engineering
Social engineering presents in a huge variety of ways, making it a very difficult challenge to prepare your staff for the different attacks. The best defence against these attacks is cyberattack awareness training. Training not only prepares your employees for what they’ll see, but it can also add a security-first mindset to your culture.
Astris CSP collaborates with our clients to deploy attack simulation training in conjunction with Microsoft, which builds awareness by regularly simulating attacks and then delivering targeted training to those who need it most.
Closing
With 60% of small businesses closing within six months of a cyberattack, improving your cyber security isn’t just a reasonable idea, it’s vital to the survival of the company.
Make sure your IT team keeps secure, up-to-date backups, your software updated, your staff’s credentials safe and your staff cyber-aware, because it can make the difference between business as usual and closing up shop.