In its 2017 study, The State of Cybersecurity in Small & Medium-Sized Businesses (SMB), the Ponemon Institute found that cyber attacks had cost SMBs an average of $2,235,000.
For many small businesses, a cost of that magnitude is too much to absorb.
In fact, 60% of small businesses struck by a cyber attack shutter their doors and close within just 6 months of the incident.
Finally, cyber attacks aren’t isolated to just a few small businesses. Rather, 43% of all cyber attacks are aimed squarely at small businesses. In other words, your business is a target.
In light of these realities — and the high-cost stakes — you cannot afford to relax when it comes to your cybersecurity efforts. Unfortunately, some SMBs review their posture only after they’ve been attacked, i.e., when it’s simply too late.
Be it as a precaution or in response to an attack, the time to start is now. Start by assessing the following 7 device, process, and network security threats and vulnerabilities:
7 Key Cyber Threats and Vulnerabilities
Cyber Threats
1. Phishing & Malicious Emails
According to the Ponemon Institute, social engineering attacks are the leading cyber attack types leveled against small businesses.
The goal of social engineering is to fool the end-user into acting in a way they wouldn’t have had they known better. For example, the attacker could trick the end-user with a fake version of their online banking portal to get the user to provide their login details.
The most common social engineering attacks are phishing and spear-phishing attacks:
Phishing: The online banking portal example described above is a phishing attack. The attacker tries to fool your end-user with fake versions of pages, social media accounts, and ads of popular or well-known brands.
Spear-phishing: These are phishing attacks done by email. They can be targeted at specific individuals or sent using a spray-and-pray approach, such as flooding random inboxes.
They work like phishing (fooling the user into clicking and responding), but they can also release malware, such as ransomware, into your system through file attachments.
2. Ransomware
Often delivered through spear-phishing emails, ransomware is a type of malware that locks your files, applications, or computer through encryption.
Next, the attacker will demand payment in exchange for restoring your access to your IT assets. Some will threaten to delete your data if you fail to pay in an allotted time period.
3. Website Attacks
Be it hacking your database, defacing your website, denying traffic through distributed denial-of-service (DDoS) attacks, or corrupting your payment portal, cybercriminals can attack your website in a variety of ways.
However, the one constant in all those cyber attacks is that your business will suffer.
Such attacks could damage your reputation in the industry, result in punishment from Google or Bing (thereby causing you to lose your organic rankings), and throttle your sales and revenue.
It’s difficult to recover from just one of these problems, let alone several or all of them, which is a possibility with some website attacks.
4. Email Impersonation
Related to spear-phishing, some attackers will target a specific company by trying to impersonate its executives, suppliers, and clients.
They could send an email masquerading as a vendor and attach a fake invoice with the goal of tricking your finance department into sending them money.
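The impersonation pattern described above can be screened for on inbound mail. The following is an added example, not part of the original article: the `TRUSTED` directory, the sample domains, the `check_message` helper, and the 0.9 similarity threshold are all assumptions chosen for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list (constructed): display name -> domain that identity really uses.
TRUSTED = {
    "jane doe": "example.com",                         # executive
    "acme supplies billing": "acme-supplies.example",  # vendor
}

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def check_message(raw):
    """Return impersonation findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    findings = []
    # 1. Display name claims a trusted identity, but the mail comes from another domain.
    expected = TRUSTED.get(name.strip().lower())
    if expected and from_dom != expected:
        findings.append("display-name-mismatch")
    # 2. Sender domain is a near miss of a trusted domain (lookalike registration).
    for dom in TRUSTED.values():
        if from_dom != dom and SequenceMatcher(None, from_dom, dom).ratio() >= 0.9:
            findings.append("lookalike-domain")
            break
    # 3. Replies would go to a different domain than the visible sender.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_dom:
        findings.append("reply-to-mismatch")
    return findings

# Constructed sample messages (not real traffic).
SPOOFED = (
    'From: "Acme Supplies Billing" <billing@acme-suppliies.example>\n'
    "Reply-To: payments@mailbox.invalid\n"
    "Subject: Overdue invoice 1042\n\nPlease pay the attached invoice today.\n"
)
LEGIT = (
    'From: "Acme Supplies Billing" <billing@acme-supplies.example>\n'
    "Subject: March statement\n\nStatement attached.\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, check_message(raw) or "no findings")
```

A message that trips any of these checks is a candidate for quarantine or for an out-of-band call to the vendor before finance acts on the invoice.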
Leading Cyber Security Vulnerability Types
In terms of cyber threats and vulnerabilities, the cyber attacker is only one part of the equation.
Yes, they can cause significant damage, but the main goal of any cyber attacker is to find and exploit gaps and weaknesses in the target, such as the ones below:
5. Failing to Regularly Patch Your IT Systems
Unpatched IT systems are a major cause of cyber exposure. Based on our experience, attackers will exploit vulnerabilities that have been known for over 2 years.
However, simply keeping your operating systems, software/applications, plugins, and other assets up-to-date would go a significant way to closing your vulnerabilities.
6. Insufficient End-User Training
54% of data breaches occur as a result of employee or contractor negligence (Ponemon Institute). This could occur as a result of an employee falling for a spear-phishing attack or using weak passwords to guard their assets.
Training is a relatively low-cost, high-impact method of protecting your business from cyber threats. Specific steps should include educating your staff to spot phishing and spear-phishing attacks and to follow best practices, e.g., setting strong passwords.
7. Weak Passwords & Lack of Multi-Factor Authentication
In even the largest — and one would assume, secure — companies, such as Equifax, you will find someone using “admin” as their password (CNBC).
As convenient as they might seem, weak passwords have proven to be a catalyst for major data breaches. Your business cannot afford that. However, requiring strong passwords is only a partial step; your password can’t be your only shield.
You must also invest in multi-factor authentication (MFA).
Should someone get a hold of your password(s), not only will MFA alert you of their login attempts, but you can block them as well. MFA offers another layer of protection.
As you can see, cybercriminals can target you from many angles, so haphazardly spending on cyber security isn’t the right solution. Rather, you must start with a thorough audit of your actual weaknesses and state of readiness, and in turn, invest in solutions that will make a difference.
Power Consulting equips small businesses such as yours with the insights and solutions you need to stop cyber threats from disrupting your operations or consuming your time and energy.