SMBs in the Crosshairs: No Size Too Small for Cyberattacks

Protecting systems and devices has never been more challenging. Attack surfaces continue to expand and cybercriminals use increasingly sophisticated methods to gain entry into organizations.

It’s a mistake to think that small and medium-sized businesses (SMBs) aren’t in the crosshairs. While news headlines focus on high-profile ransomware attacks, the damage and destruction that small and medium-sized businesses incur is significant.

For example, Webroot found that half of all attacks resulted in ransom demands exceeding $50,000, and the cost of remedying an attack typically runs into the tens of thousands of dollars. In addition, 38% of SMBs that suffered an attack said that it harmed their brand reputation.

Making matters worse, the trendline for malware isn’t attractive. Skilled social engineering, increasingly sophisticated malware, and the emergence of ransomware-as-a-service—which allows those with limited skills to download and deploy payloads—have completely changed the stakes.

Risky Business

There are a few bright spots in today’s environment, such as the industry’s ability to take down one of the peskiest ransomware risks, Emotet, in 2020. However, it’s impossible to breathe a sigh of relief. Consulting firm Accenture found that there was a 27.4% increase in security breaches in 2020.

Meanwhile, Webroot has identified several key trends:

• More than 60% of individuals admit using their personal devices to connect to their company network. The pandemic and today’s work-at-home culture are ratcheting up risks. These devices are nearly twice as likely to be infected.
• Remarkably, about 10% of business devices still run Windows 7, which greatly increases the risk level. Microsoft stopped supporting the operating system in early 2020, and has introduced numerous protections in Windows 10 that make it more difficult to exploit the operating system.
• While there’s a perception that Windows systems are primarily at risk, no operating system or platform is immune. Today, malware and ransomware regularly infects Macs, Linux, Android and iOS devices.
• Malware authors are shifting their methods to what is called LoL bins, or Living off the Land Binaries. These are components that allow an attacker to use the baked-in functionality of the OS to orchestrate an attack. An example of this is Windows PowerShell.
• The SolarWinds attack demonstrated that cybergangs have also found ways to install malware through legitimate patches coming from trusted sources.
• Ransomware-as-a-service has created lower barriers of entry for nontechnical players. They simply download a package for a fee and begin phishing and attacking for ransoms.
• Cybercriminals are evolving their tactics. They increasingly exfiltrate critical and often sensitive data before encrypting it on systems and then demand a ransom. They also disable and encrypt backups.

Fighting Back

SMBs must adapt to this changing threat landscape. This includes using techniques to thwart LoL binaries, such as switching off PowerShell and other components that aren’t required, and ensuring that cloud instances aren’t spun up with default vendor settings.

It’s also wise to deploy a layered defense-in-depth approach that includes malware protection, timely patching, DNS security, encryption at rest and in motion, multiple backup sets, and multi-factor authentication (MFA). A compromised password isn’t a major risk when an organization uses MFA.

Yet perhaps the most effective method for blocking malware is education and training. The vast majority of infections are caused by employees clicking bad links or having poor password practices. Individuals must know how to spot phishing attempts and other social engineering methods.

A good managed service provider can help build a framework that’s agile and flexible enough for today’s needs. It can address the knowledge and skill gaps that are common, especially at SMBs.

Although there’s no silver bullet, organizations that adopt a defense-in-depth framework and have a contingency plan for dealing with an attack are far less likely to find themselves staring down the barrel of an expensive and debilitating ransom demand. It becomes an inconvenience rather than a devastating event.

Visit Webroot to learn more.