What Cyber Security Threats Should SMBs Assess?

Contrary to popular belief, it’s not large corporations hackers target, those are the headlines speaking. Threat actors have been increasingly targeting small and medium-sized businesses. Statistics suggest 43% of cyber attacks are aimed at small businesses. Not an insignificant statistic.

The reason threat actors look to SMBs is because they assume most of them don’t have strong protective cybersecurity preventatives in place. Often, they’re right. However, SMBs can battle these cybercriminals by performing cybersecurity risk assessments. In Part 1 of this series we detailed specific questions that decision-makers should ask themselves to help identify risks, rank them according to the likelihood of occurrence, and then find solutions to mitigate them.

As a part of this process, it’s helpful to know what to expect. We continue this series with five types of cybersecurity threats SMBs face every day.

1. Phishing

Cybercriminals most often turn to phishing to deliver themselves with the largest payoffs. What they do is fool users into opening emails, texts, or social media posts and direct (or force) the user to download a file, click on a link, or give other instructions that lead to no good because the result is a compromised system. Learn more about how to protect yourself from phishing attacks and ask us about Trava’s new phishing simulation.

1a. Ransomware

Ransomware is a huge problem in itself, but phishing is also the primary method threat actors use to deliver ransomware. The number of ransomware attacks exploded in 2020 and has become a significant problem these days for SMBs—6% of ransomware attacks target them.

2. Weak Passwords

Weak passwords are a persistent problem for businesses of all sizes. Users have a hard time remembering passwords, so they make them easy to remember and use the password across different system components or websites. Many might even use the same passwords for work and home. Other companies forget to change the default that comes with their systems or devices. Every year, passwords such as 123456, 123456789, and “password” consistently make top worst password lists. In 2020, “picture 1” debuted on the list.

3. ‘Drive-by Downloads’

Web surfing is an important part of doing daily business, but unfortunately, your employees may encounter malicious websites, rogue ads, or other problematic issues. When this happens, they may be forced to install malware or spyware on the devices being used, some of which will replicate and spread. Drive-by downloads may also hijack devices, spy on activity, destroy data, or disable devices.

4. ‘Watering Holes’

Watering holes are legitimate websites that threat actors take over and exploit by making them malicious sites. As a result, other people become victims of these tricks. This is a common problem with third-party vendors because they are trusted, making watering holes a consideration for any cybersecurity risk assessment.

5. Insider Threats

Most threats are carried out by external bad actors, but unfortunately, insider threats are something all SMBs need to consider. Former employees, disgruntled employees, contractors, or other associates are common culprits. Social engineering is a huge problem and all employees should be vigilant when outsiders try to work their way into insider circles.

Almost all of the threats SMBs face contain some type of malware attack. A successful attack will essentially cripple an SMB if risks aren’t identified beforehand. Annual cybersecurity risk assessments can help mitigate these threats.

Did you know that cybercriminals will often exploit a company for months before it is noticed, sometimes longer? In Part 3 of this series, we reveal the top three benefits of conducting regular cybersecurity risk assessments.