Small Businesses Prime Targets for Cyberattacks: Key Signs & Defense Strategies

In the wake of prominent cyberattacks targeting major entities such as casinos, tech giants, and power grids, there is a common misconception that small and midsize businesses are less susceptible to such threats.
However, recent research conducted on over 2,000 enterprises in this category reveals alarming statistics. Approximately 52% of small and midsize businesses and 71% of midmarket firms experienced ransomware attacks in the past year. Additionally, 56% of small and midsize businesses and 88% of midmarket firms faced various other forms of cyberattacks.

Dismissing the assumption that cyber adversaries only target large corporations may lead to overlooking crucial signs indicating otherwise. Here are three indicators that your business might be on the radar of cyber adversaries:

1. Targeting Multiple Companies in the Same Industry:

Cyber threat actors strategically exploit their knowledge of specific industries to launch targeted attacks on entire classes of enterprises. This involves taking advantage of vulnerabilities in widely used software within a particular sector, such as file transfer applications in regional banks or credit unions. Other instances include targeting healthcare facilities relying on new online services and interconnected devices, as well as exploiting major online sales events in sectors like retail, travel, and hospitality.

2. Repetitive Attacks on the Same Company:

Businesses falling victim to ransomware attacks tend to fall into two categories: those that comply with the ransom demands and pay, and those that refuse. Once threat actors discern a company's willingness to pay, research indicates an 80% likelihood of a second attack, with the ransom amount typically escalating. This underscores the importance of understanding your environment and taking proactive measures to prevent recurring incidents.

3. Optimizing for Return on Investment:

Cyber adversaries often prioritize smaller businesses due to the lower level of effort and risk involved. Smaller enterprises typically possess limited security resources, lower security awareness, and fewer security tools and processes. Notably, only 32% of employees in small and midsize businesses understand phishing, and merely 15% have received security awareness training. Threat actors exploit these vulnerabilities to operate stealthily within the network, causing more prolonged and damaging impacts.

Addressing cybersecurity concerns in today's complex threat landscape requires a proactive approach. Entrepreneurs and business leaders can take the following steps to mitigate risks:

1. Collaborate and Share Threat Intelligence: Coordinate with industry peers to prepare organizationally and technologically for potential attacks. Sharing experiences and lessons learned from compromises can enhance collective preparedness. Utilize Information Sharing and Analysis Centers to gather open-source intelligence and network protection insights.

2. Learn from Attacks and Stay Informed: Stay abreast of security research and advisories provided by vendors, analysts, and government organizations. Understanding the tactics, techniques, and procedures employed by threat actors enables businesses to fortify their defenses. Seek recommendations from peers and security partners on valuable information sources.

3. Implement Security Basics and Engage with Managed Security Service Providers: Focus on fundamental security measures such as patching, email security, secure domain name system configuration, and browser security. Consider working with managed security service providers to enhance visibility into your environment. Regular security awareness training for employees is essential to bolster the human side of cybersecurity.

Moreover, cyber adversaries may possess more information about your business than anticipated. However, by comprehending their tactics, implementing basic security measures, and fortifying your security posture, businesses can significantly reduce the risk of falling victim to cyber threats.

Despite the Risk of Ransomware Attacks, Businesses Continue to Pay

Most companies in four Asia-Pacific countries have had to protect against phishing and ransomware attacks, with those infected in Australia being the most willing to pay ransomware demands. Australians are also the most likely to be victims of such attacks, with 92% reporting phishing incidents and 90% reporting business email compromise attacks.

As per Proofpoint's State of the Phish report, another 86% and 80% have had to deal with ransomware and supply chain attacks, respectively. In Singapore, South Korea, Japan, and Australia, 2,000 employees and 200 security professionals were polled. Singaporeans experienced the next highest number of attacks, with 85% dealing with phishing incidents and 78% dealing with ransomware attacks. Another 72% reported business email compromise, with 46% reporting direct financial loss.

However, while Singapore reported the highest rate of ransomware infections (68%), Australian respondents (58% of whom were infected) were more likely to give in to ransom demands when breached. In Australia, 90% admitted to making a payment at least once, compared to 71% in Singapore and 63% in South Korea. Only 18% of Japanese businesses paid at least one ransom, the lowest overall, while the global average was 64%.

In accordance with the report, Japanese law forbids local businesses from transferring funds to organized crime, which may include cybercrime. According to Proofpoint, 64% of Japanese respondents reported a successful phishing attack, compared to the global average of 84%. According to the security vendor, this could be due to cybercriminals' lack of fluency in the local language, which makes it easier for Japanese employees to identify poorly worded phishing lures.

"Around the world, English is the language most used in phishing attacks, so businesses that don't conduct activities in English may receive some protection," the report noted. However, it highlighted that in some countries it might be less culturally acceptable to acknowledge having suffered a security breach, resulting in under-reporting.

In South Korea, 48% of the 72% who experienced ransomware attacks became infected. In Australia, 83% of the 96% who had cyber insurance said their insurer paid the ransom in full or in part. In Singapore, 90% of respondents reported having cyber insurance, with 95% reporting that their insurers paid the ransom in full or in part.

In South Korea, 82% had cyber insurance, while 74% and 72%, respectively, said their insurers covered the ransom payment in full or in part. Globally, 76% of organizations were targeted by ransomware, with 64% becoming infected. Among those holding a cyber insurance policy covering ransomware attacks, 82% said their insurer paid the ransom in full or in part.

"While conventional phishing remains successful, many threat actors have shifted to newer techniques, such as telephone-oriented attack delivery and adversary-in-the-middle (AitM) phishing proxies that bypass multi-factor authentication," said Ryan Kalember, Proofpoint's executive vice president of cybersecurity strategy. "These techniques have been used in targeted attacks for years, but 2022 saw them deployed at scale. We have also seen a marked increase in sophisticated, multi-touch phishing campaigns, engaging in longer conversations across multiple personas. Whether it's a nation state-aligned group or a business email compromise actor, there are plenty of adversaries willing to play the long game."

The security vendor emphasized the significance of employee training and security awareness, especially as phishing attempts become more sophisticated.

"The awareness gaps and lax security behaviours demonstrated by employees create substantial risk for organisations and their data," said Jennifer Cheng, Proofpoint's Asia-Pacific Japan director of cybersecurity strategy. "While email remains the favoured attack method for cybercriminals, we've also seen them become more creative, using techniques much less familiar, such as smishing and vishing. Since the human element continues to play a crucial role in safeguarding companies, there is clear value in building a culture of security that spans the entire organisation."