Cyberattacks Prove Costly
Why Business Owners Must Be Proactive
Key Takeaways:
- Small businesses are increasingly targeted by cyberattacks, with phishing being the leading cause of breaches.
- Employee training and strong security practices are key to preventing cyber threats like malware and phishing.
- Investing in proactive cybersecurity measures is far cheaper than dealing with the fallout of a cyberattack.
As a business owner, your focus is on growth, profit and keeping things running smoothly. But lurking in the background is a growing threat that could derail everything: cyberattacks. While it may seem like these attacks only hit big corporations, the truth is that nearly 46% of all cyberattacks target small businesses. And the consequences? They’re costly—far more than you might realize.
In 2023 alone, cybercrime caused an estimated $8 trillion in global damage, and that number is expected to rise by 15% annually over the next three years. This isn’t just an IT problem; it’s a major business risk. Whether you’re a local operation or a larger player, if your business is online, you’re at risk.
Phishing: The Leading Culprit
You’ve probably heard of phishing—when hackers trick your employees into giving away sensitive information. It sounds simple, but it’s effective.
In 2022, 90% of all data breaches were the result of phishing attacks.
This kind of attack is where criminals pretend to be a reputable organization in order to obtain sensitive information such as account credentials (email, bank, etc.) and credit card numbers. This can be done in a number of ways including:
- Email phishing: An attacker sends an email that appears to be from a legitimate source, like a bank or popular website. The email often asks the user to click on a link or download an attachment. Doing so takes them to a fake website that steals sensitive information. It is the most common type of phishing attack.
- Spear phishing: More targeted than email phishing, it’s aimed at a specific individual or organization. The attacker will often use information gathered from social media or other sources to make the email appear more legitimate.
- Smishing: Carried out via text message, the attacker will send a text message appearing to be from a legitimate source, such as a bank or a government agency. The message often links to a fake website designed to steal sensitive information.
- Vishing: This attack is carried out via voice call where the attacker will pose as a legitimate source, such as a bank or government agency, and ask the user to divulge sensitive information over the phone.
- Clone phishing: This type of attack involves the attacker creating a fake website that looks identical to a legitimate one. The user will often be directed to the phony website via a link in an email or text message.
You Know It’s Phishing When…
Since the impact of phishing attacks on small businesses can be devastating, it’s important that you look for some common red flags. Here are a few things that will alert you that a communication received is a possible phishing scam:
- Misspellings
- Grammatical errors
- A sense of urgency in the message
- A request to click on a link or provide private information
How to Protect Yourself from Phishing
You can take a number of actions to protect your company from phishing scams that start with employee education as well as a few technical solutions. Here are some security measures designed to prevent phishing attacks from succeeding.
- Educate employees to identify and avoid phishing attacks. Train them on how to recognize suspicious emails or messages. And make sure they never click on links or download attachments from unknown sources.
- Implement multi-factor authentication for all company accounts. This requires employees provide a second form of identification, such as a code sent to their phone, and their login credentials to access company systems. It works by denying attackers access even if they have obtained login credentials. It’s also valuable in remote work environments as will be discussed
in the next chapter. - Execute advanced email security solutions. These solutions use machine learning algorithms to detect and block suspicious emails before they reach employee inboxes. This can be especially effective in preventing attacks that use sophisticated social engineering techniques. Also, having systems that report suspicious logins or emails being sent at suspicious times is key to identifying if you have been compromised.
- Develop and implement proper change procedures. Identify specific changes that should not be solely based on email communications. A couple of examples include a vendor changing a banking account number or an employee redirecting their payroll to a different bank. These actions should require someone to pick up the phone or speak face to face with an individual or entity to verify it is a legitimate change.
- Develop and implement an incident response plan. Outline the steps to take in the event of a phishing attack. Be sure to include how to contain the damage, investigate the incident and restore normal operations. Having a well-defined incident response plan can help minimize the impact of a phishing attack and reduce the time it takes to recover.
Companies must stay vigilant to protect assets. It’s how you can minimize financial losses and damages to the company’s reputation.
Malware is Common in Phishing & Other Cyberattacks
Malware can be spread through infected email attachments, malicious websites or vulnerabilities in software. It’s how bad actors steal your identity and try and extort money, disrupting your business operations and potentially landing you in legal hot water. And with 560,000 new pieces of malware detected daily, for more than 1 billion total malware programs, it’s likely going to hit your company at some time.
Malware is a type of software that cybercriminals use to gain access to a company’s network, steal sensitive data or disrupt the network’s operations.
A number of different types of malware are being used today, including these that are seen most often:
- Viruses: Viruses replicate themselves and spread from one computer to another inside files. It’s triggered by accessing the file. Once a virus infects a system, it can damage files, steal information and cause various other problems. It’s one of the most common types of malware.
- Worms: Like viruses, worms are self-replicating malware that can spread through a network. However, you don’t need to open a file or click on anything to trigger it. You can get one simply by being on the same network with a device that is infected. Worms also cause severe damage by consuming system resources, degrading network performance and stealing sensitive information.
- Trojan horses: Here malware disguises itself as legitimate software. Once installed, it can perform various harmful activities, such as stealing passwords and personal information, deleting files and even taking control of the computer system.
- Adware: This software displays unwanted advertisements on a computer or mobile device. While not always malicious, adware can still be a nuisance and a security risk. It spreads when someone downloads a free program or by going to website that takes advantage of vulnerabilities in the internet browser.
- Spyware: It’s designed to capture virtually everything done on a computer or device without the user’s knowledge or consent. This can include keystrokes, browsing history and login credentials. It’s hard to find and is often installed on a computer without the user’s consent when they download internet software, web browser tools, ad blockers and other types of freeware.
- Ransomware: Files on a computer or network are encrypted by ransomware making them inaccessible to the user. The attacker then demands payment in exchange for the decryption key. It comes when users visit fake websites, open unexpected attachments or click on a malicious link in an email, social media post or instant messenger.
You Know It’s Malware When…
Hopefully, you have antivirus software that alerts you to malware being on the computer telling you that a file has been blocked. It’s actually difficult to tell that malware is on your computer once it’s there, but here are a few signs to look for:
- Slow performance where your computer is taking longer to start up or open applications
- Popup ads that you see are increasing or appearing where you normally wouldn’t see them
- Unusual activity on the network where there is unnecessary activity or servers may be sending out spam emails
- Unexpected changes to your device settings that you didn’t make, like new toolbars in your web browser
- Antivirus software alerting you to malware or blocked sites
How to Protect Yourself from Malware
As with phishing, you need to make sure your employees are trained to not click on potentially malicious links and to protect their usernames and passwords. In addition, consider:
- Document policies and procedures outlining the data you have and how it is secured
- Install advanced endpoint and network security (AI, machine learning, XDR, MDR, etc.)
- Utilize a Security Operations Center or SOC to watch your network
- Keep your software up to date and run regular reports to prove it
- Use strong passwords (at least 12 characters long with uppercase letters, lowercase letters, numbers and symbols)
- Back up all data and test regularly
81% of company data breaches are caused by poor passwords.
Considering the damages malware attacks can have on your business along with the potential price you may be forced to pay to regain access to your systems, you cannot take malware lightly.
Other Cyberattacks You Might See
The prevalence of phishing and malware has led some bad actors to try and evade detection by using more uncommon types of attacks to get your valuable information. While the following are more uncommon, you may find that you need to take additional actions to protect your company from them.
- Denial-of-service (DoS) attack: A network or server is overwhelmed with traffic making it unavailable to legitimate users. Cybercriminals use botnets, which are networks of infected computers, to carry out these attacks.
- Signs of an attack include an inability to access websites or services, a slow network or connection speed, error messages or unresponsive servers or systems.
- Protect yourself by using firewalls and intrusion prevention systems to filter out malicious traffic.
- Man-in-the-middle (MITM) attack: Cybercriminals intercept communication between two parties like a company and a client. Sensitive information is then stolen including passwords, credit card details and other confidential information. For example, email hijacking, is where the hacker compromises and gains access to a target’s email account. The attacker then silently monitors the communications between the client and the provider and uses the information for malicious purposes. Once they identify a way to leverage the information they have gathered, they start reaching out to individuals you have emailed previously and try to get them to reroute payments to a different location. To keep these conversations under your radar, they will create rules within your email platform and sometimes even operate out of your trash or junk mail folders.
- Signs of an attack include unusual network activity like high amounts of data transfers, suspicious network requests, SSL/TLS certificate warnings, unusual web browser behavior and suspicious logins.
- Protect yourself by using secure communication methods, such as SSL/TLS encryption, whenever possible. Use only secure Wi-Fi networks to avoid opening up sensitive data on public Wi-Fi networks. And keep all software up to date so vulnerabilities in older software versions cannot be exploited.
- Brute force password attacks: This is a straightforward approach where the attacker uses automated software to try all possible combinations of characters until the correct password is found. This method is time-consuming but effective against weak passwords.
- Signs of an attack include multiple failed login attempts, unusual activity on your account, password change requests, unusual IP addresses and a slow or unresponsive system.
- Protect yourself by requiring strong passwords and implementing a lockout policy that locks out users after a certain number of failed attempts.
- Insider threats: A growing concern for businesses as they involve employees or contractors who have access to sensitive information and may intentionally or unintentionally leak or steal it. Insider threats can take many forms, including data theft, sabotage or unauthorized access to sensitive information.
- Signs of an attack include unusual data access or access outside of normal job duties, unusual system changes, unusual behavior by an employee and breaches in security policies.
- Protect yourself by implementing access controls that limit the amount of data employees or contractors can access. Conduct background checks on new employees and contractors and also regularly monitor network activity for any signs of suspicious behavior.
The less common attacks are harder to pull off successfully. However, the payoff for doing so may be higher. A sophisticated, targeted attack like one of these is often directed at higher-value targets. The more value a bad actor sees in your company’s data, the more creative they will get. That’s why you need to understand your risk.
Prevention: The Smarter (and Cheaper) Option
Here’s the good news: you don’t have to sit around waiting to be the next victim. Cybersecurity might sound like a big expense, but compared to the cost of dealing with a breach, it’s a bargain. Think of it as insurance—something you invest in now to avoid paying out big later.
If you would like to discuss developing a cybersecurity plan for your company, contact an Adams Brown Technology Specialist.