October 13, 2021
Cybersecurity Awareness Month: Common Threat Vectors for SMBs
October marks the beginning of Cybersecurity Awareness Month, a month-long campaign to raise awareness of the need for a collective and proactive approach to cybersecurity. The campaign comes when the threat to businesses is greater than ever. According to the FBI, since the beginning of the pandemic, there has been a 300% increase in reported cybercrimes, with a majority targeted at small-to-medium-sized businesses (SMBs). This increase is likely due to the global shift to remote work, with employees accessing company infrastructure from their home network and IT teams maintaining it remotely.
Common Threat Vectors for SMBS
A threat vector is a pathway or method used by an attacker to access the target system. These attackers can then steal data, information, or money from individuals or businesses by exploiting these vulnerabilities and gaining access to the system, such as the company's IT infrastructure or employee’s email). Once they gain access, they are able to remotely control the IT infrastructure, install malware or ransomware, or steal data and other resources.
Weak or Compromised Credentials
Bad actors obtaining access to user credentials is one of the most common ways for cybercriminals to access target systems. There are several ways for them to obtain these credentials, such as when users fall victim to phishing attempts and provide their usernames and passwords to authentic-looking websites or use common/weak passwords that can be easily guessed. However, it is not only users who can have their passwords compromised. Network devices and servers also have credentials that can be compromised, where one compromised server can allow machine-machine movement throughout the network. To help avoid this risk, make sure that effective password policies are in place to avoid weak/common passwords and usernames, and enable multi-factor authentication (MFA) to reduce the possibility of breaches.
A malicious insider is usually an unhappy employee who aims to sabotage or damage the organisation that they work for. This type of threat is particularly difficult to protect against as employees need access to critical systems and sensitive data in order to operate the business. An employee with bad intentions can potentially disrupt business operations with actions such as deleting critical data or backup or providing secret information to a competitor. To try to mitigate this threat, limit access to critical systems to a minimum number of employees, monitor data and network access, and keep frequent backups of critical infrastructure
Phishing Emails & Ransomware
Phishing is a tactic used by cybercriminals to gain access to users’ credentials, banking details or to convince users to download potentially malicious malware or ransomware onto their machines. Many phishing emails share common features, such as attention-grabbing offers and statements, portraying a sense of urgency, and unexpected attachments. Even attachments with familiar file types should not be clicked on unless the authenticity of the sender is known, as it may contain viruses like ransomware.
Ransomware is a growing concern for SMBs. Not only is ransomware becoming more and more prevalent, but the ransom to be paid is increasing as well. There are numerous ways ransomware can infect a system, from phishing attacks that depend on user error to more targeted attacks that depend on exploiting vulnerabilities in a business’s network. In the fight against ransomware, it is important to keep operating systems and applications patched and up-to-date to minimise vulnerabilities—install proper antivirus software and implement a solution for business continuity to quickly failover in case of a ransomware attack.
Focusing on Cyber Resilience
It is almost impossible to eliminate these attack vectors completely. As user error is a large component of all these common threat vectors, cybersecurity measures alone are not enough. Implementing a proper cyber resilience strategy to quickly and effectively recover from attacks is the only way to ensure that your business does not become the victim of a cybercrime.
Datto’s Unified Continuity solutions can enhance your cyber resilience strategy by providing point-in-time restores to quickly recover and minimise downtime from events like disasters, malicious insiders, and ransomware. Visit here to learn more about Datto's tips for cybersecurity.