As Elections Near, Trouble Brews for SMB Security
Many SMB executives feel they are prime targets for foreign attackers who wish to wage cyber war and breach national security.
In the current climate, cybersecurity attacks are considerable stressors and remain at the forefront of everyone’s mind. When looking at the small- and midsize-business (SMB) world, in particular, there’s always a concern about keeping up with increasingly advanced attacks.
According to findings gathered by cybersecurity firm AppRiver, 93% of SMB executives feel that foreign attackers will utilize small businesses as entry points to breach national security or wage cyber-war.
Two-thirds also believe that cybersecurity threats will grow more severe and prevalent by 2020, coinciding with the next presidential election.
Are small businesses adequately prepared for what’s coming? Are the concerns warranted, and will cybersecurity attacks target smaller firms? How will the upcoming election influence things?
Impact of Data Breaches on SMBs
Given the numbers, it’s clear that cybersecurity is not just a growing concern—it’s critical to survival in the current landscape. Despite that, only 43% of SMB executives polled by AppRiver believe they are currently in control and are therefore confident in their company’s cyber preparedness.
Attacks can originate from multiple entry points, including larger organizations. However, throughout 2019, we saw many cyberattacks that targeted smaller municipalities and operations with the intent to spread influence through digital connections.
Some examples of high-profile attacks that occurred in 2019 include a malware attack on a Virginia-based U.S. government tech contractor, a breach at Quest Diagnostics compromising medical and financial data, and ransomware attacks that plagued cities in states such as Maryland, Georgia, Florida, and Texas.
Microsoft also discovered hackers had injected malicious code into several video games using the Visual Studio platform. It was a supply chain hack that impacted multiple clients, as the corrupt software was unknowingly distributed through official channels.
What’s even more alarming is that these attacks have a much bigger impact on SMBs than their larger counterparts. Another report from AppRiver—released earlier this year—reveals cybercrime is more devastating to SMBs than natural disasters.
In this more recent report, 70% of SMB respondents said a cyberattack would severely damage their business, and another 22% said their company wouldn’t even survive a single attack. For smaller businesses with fewer than 250 employees, that number jumps to 30%.
Why Are State-Sponsored Cybercriminals a Threat?
The proliferation of cybercrime tools and ransomware-as-a-service (RaaS) packages available to cybercriminals make opportunistic cyberattacks a dangerous threat on their own. However, nation states have access to state-of-the-art technical resources, world-class talent, and clear motivations for interfering with public and private institutions in other countries.
As the United States prepares for its 2020 presidential elections, it is virtually guaranteed that state-sponsored cybercriminals will breaking into various aspects of American business, in order to influence those elections. Small businesses are going to face the brunt of these attacks as collateral damage.
This is because the age of the targeted, one-off cyberattack is over. Today’s hackers use highly automated systems to gain unauthorized entry into business systems, then freely browse their contents, looking for opportunities to dig deeper.
The key difference between a state-sponsored cybercriminal and a lone hacker is one of means and motivation. These factors have already combined to turn into what one cybersecurity firm called an “unprecedented and unrelenting barrage” of cybersecurity attacks over the past year—and there is no sign the storm will let up any time soon.
If your employees understand how to spot an attack or potential phishing attempt, they’re less likely to be duped. This provides an added layer of protection on top of anything else you’ve deployed. Tying up those loose ends can close up potential vulnerabilities, even against social engineering attacks.
Make Cybersecurity Priority #1
Advanced cybersecurity technologies are undoubtedly at the top of the list when it comes to making data security improvements. As reported in a recent Dashlane study, half of data breaches occur within SMBs, and yet only 23% of organizations polled stated they had a password management system in place to protect login details.
Data governance can have a monumental impact on general preparedness because it encourages accountability and the appropriate handling of all forms of digital content.
Following strong password and authentication protocols can help prevent a breach or attack. For SMBs, in particular, password management fundamentals can ensure only authorized parties have access to company services and solutions.
Additional security tools can bolster protections even more. For example, enabling two-factor authentication for business accounts will ensure that even with the appropriate password, unauthorized parties still cannot gain access.
Cybersecurity should be in place for potential hacking from any source, whether it be initiated by a foreign nation state or from anywhere in the U.S.