October is Cyber-Security Awareness Month – Week 1

October 2018

Here at Fortis, we believe cyber-security is of the utmost importance, and we have made cyber-awareness a top priority for our Clients, Colleagues and Friends. October is National Cyber Security Awareness Month. Fortis is promoting cyber security by sharing weekly tips and information during the month of October.

Cybersecurity statistics that small business owners need to know

Data breaches and ransomware at large companies dominate the headlines, but recent data indicates that small businesses suffer the most malware incidents. Many smaller-scale attacks are having huge impacts on small businesses. If you are a small business owner, here are 5 things you need to know:

1. 58% of malware attack victims are categorized as small businesses. (Source)

2. Not only do small businesses suffer more infections, the frequency of attacks appears to be on the rise. According to the Ponemon Institute’s 2017 State of Cybersecurity in Small & Medium-Sized Businesses report, attacks increased from 55% in 2016 to 61% in 2017. It’s not that cyber criminals are explicitly targeting small businesses; more likely, small businesses simply present more vulnerabilities. It’s often a matter of having inadequate protection.

  • While smaller companies may not have resources or data at the scale of enterprise-level organizations, they do have valuable business data (such as customer information that could be used in identity theft crimes) and can often provide access to larger companies via unprotected connections. For example, the massive Target data breach of 2013 was perpetrated by hacking a small HVAC company first.

3. In 2017, cyber-attacks cost small and medium-sized businesses an average of $2,235,000.

  • Not only are small businesses being hit by hackers, the attacks are costing them a lot of hard-earned cash. In 2017, average malware-related costs for small and medium-sized businesses included $1,027,053 due to damage or theft of IT assets, and $1,207,965 due to disruption to normal business operations. The worldwide cost of cybercrime is on track to hit $6 trillion by 2021 and will be built on thousands and thousands of small, real attacks.

4. 92.4% of malware is delivered via email.

  • The number one tactic is email, or, more specifically, email attachments. According to Symantec’s 2018 Internet Security Threat Report, 88% of malicious emails use malware-laden attachments to ensnare their victims. All it takes is one wrong click for your business to be compromised.
  • And there are other risks. Microsoft’s Remote Desktop Protocol (RDP) is one example that continues to gain traction, especially in attacks on small businesses. The reason is many small businesses outsource their IT, and one of the most common remote management tools is RDP. If your IT person has logged in to your computer and taken over your keyboard and mouse to work on an issue, chances are they were using RDP. RDP is an incredibly useful tool, but when left exposed to the Internet, it can be a beacon for attackers who can attempt to establish their own connection by cracking RDP passwords (what’s known as a brute-force attack).

5. 60% of small businesses say attacks are becoming more severe and more sophisticated.

  • Email remains the most common method of initiating cyberattacks. Techniques attackers use to evade security, deploy malware, and establish control over compromised computers are changing.
  • According to another recent Ponemon study, the majority (77%) of successful attacks in 2017 utilized exploits or other “fileless” techniques that were able to bypass the victims’ security. Because these techniques replace the need for dropping malicious executable files on disk, traditional security solutions such as antivirus (AV) programs can’t detect them.
  • Recent data indicates that the most prevalent form of malware now belongs to cryptominers — malware designed to hijack an infected system’s resources in order to mine cryptocurrency without the victim’s knowledge. According to IBM, cryptomining attacks increased by 600% between January and August of 2017. Researchers at Check Point reported that cryptominers affected more than half (55%) of organizations globally in December 2017.
  • What makes this shift in payloads especially notable for small businesses is that cryptominers are a completely different threat than ransomware. Organizations that responded to ransomware infections by investing in backup were smart to do so, but now they face a threat designed to infect them just as effectively while draining their resources and bogging down their systems over time. Small businesses need to adapt their security efforts accordingly, and make sure they’re properly equipped to address infections that aren’t as blatant as ransomware.
  • To prevent these silent attacks from taking hold, organizations need to prioritize preventative measures like replacing legacy antivirus solutions with stronger, more modern endpoint protection.

Sources:

https://www.verizonenterprise.com/verizon-insights-lab/dbir/

https://csrps.com/Media/Default/2017%20Reports/2017-Ponemon-State-of-Cybersecurity-in-Small-and-Medium-Sized-Businesses-SMB.pdf

Other resources:

https://www.sba.gov/managing-business/cybersecurity/top-ten-cybersecurity-tips

https://smallbiztrends.com/2018/08/what-to-do-if-ransomware.html