When it Comes to Picking Targets, Hackers Don’t Care About Size


As a small business, it’s easy to think that malicious cyber actors only want to target the largest companies. After all, those are the ones who have the most data and sensitive assets. At the same time, those companies also have the highest security budget, making attacks against them time-consuming and resource-intensive. Meanwhile, attacks against small businesses are not only easier – they can be just as profitable.

In mid-May, Illinois’ Lincoln College announced that it was closing its doors because a ransomware attack from December 2021 exacerbated the financial issues arising from lowered enrollment caused by the pandemic. From a broader perspective, this story is increasingly common: according to a recent report, small businesses are 350% more likely to be targeted by cyber actors than large organizations. Furthermore, 61% of all small-to-medium-sized businesses (SMBs) experienced a cyberattack between 2020 and 2021, according to a Ponemon Institute report.

With the news cycle constantly reporting large cyberattacks against Fortune 500 organizations, SMBs can feel a false sense of security. The reality is that cyber actors are equal opportunists who will take advantage of any organization – no matter its size.

What do Cyber Actors Want?

Most cyber actors have predictable objectives that can fall into a few basic categories. Typically, they’re motivated either by money or politics. Depending on your business’s industry vertical, you present a valuable target under one or both of those categories.

Payout 

The quickest way to profit from a cyberattack is a ransomware payment. All businesses have money, and thanks to Ransomware-as-a-Service (RaaS), cyber actors don’t need to be sophisticated to deploy an attack. With ransomware frequency surging, everyone is threatened.

Personally Identifiable Information (PII)

Cyber actors target PII either as part of a double-extortion ransomware attack or to sell on the dark web. In a normal ransomware attack, they force victims to pay a ransom in order to decrypt their files; in a double-extortion attack, they also pressure victims to pay an additional fee to avoid making stolen PII public. In either case, all small businesses store PII on their customers, employees, and clients, which makes them an attack target.

Credentials and Access

Attackers will often target one organization in order to access another. Most businesses work with other businesses and vendors and may possess information, credentials, software, or networked connections that cyber actors can use to move between targets. This is the mechanism behind software supply chain attacks like the SolarWinds hack.

Intellectual Property (IP) and Trade Secrets

Competitors often target IP and trade secrets as a way to get ahead without doing the work themselves. Whether you’re a small business or not, if your IP gives you a competitive edge, foreign companies will know and cyber actors will target you to make a profit in their own country.

Classified Information

Disrupting critical infrastructure and gaining access to classified information is high on the priority list for nation-state actors engaging in espionage and terrorism. Small government contractors may have valuable contract information that falls under a controlled unclassified information (CUI) designation, while cleared organizations may have classified information.

An Easy Target

Many attackers prefer to target small businesses because they lack the resources that larger companies have. Research notes that 47% of businesses with 50 or fewer employees do not have a dedicated cybersecurity budget. Further, not every business has dedicated cybersecurity staff, due to the shortage, cost, and high turnover of cybersecurity talent.

Adding to these challenges, many SMBs also struggle with legacy technologies. Purchasing new hardware is expensive, and many companies lack the budget to pay for the newest, most up-to-date IT infrastructure. The move to remote work, coupled with the increased adoption of cloud technologies, complicates things further. Remote employees who may lack the needed cybersecurity awareness are often vulnerable to phishing attacks.

From a cost-benefit perspective, cyber actors need to expend less effort to get as much, if not more, information and money from multiple small businesses than from one large organization.

How to Harden Your Small Business

The good news is that even as a small business, there are many ways to insulate yourself against cyberattacks and find cybersecurity experts to help you guard your sensitive assets.

Cyber training

According to Deloitte, more than 90% of all cyberattacks begin with a phishing email. The first step to protecting yourself is providing your employees with cyber awareness training so that they can recognize phishing and social engineering attacks. This will go a long way to protect your organization.

Incident response/Disaster Continuity plan

Alexander Graham Bell once said, “before anything else, preparation is the key to success.” Knowing what you plan to do before an attack occurs will reduce the impact if you experience one. The best form of harm reduction is harm prevention, and that can be achieved through a proactive enterprise security strategy that includes a protocol for incident response.

Protection of Perimeter

Nearly every company has Internet of Things (IoT) networked devices, and many are vulnerable. From printers to sensors, these devices enable work but create new cybersecurity risks. To protect the perimeter, you should:

      • Adopt a zero-trust policy
      • Place air gaps between devices
      • Move away from open-source protocols
      • Continually update operating systems, software, and firmware

Choose a Cybersecurity Partner

You don’t have to do everything alone. Hiring in-house talent is cost-prohibitive, but with the right outsourced partner you can achieve your security goals and protect your business. Providers like Securicon, which offer risk management and compliance solutions, prepare your company for the worst while offering continuous support at a more affordable cost than in-house talent.

Conclusion

Small businesses have a lot of things to worry about, and few have the cyber expertise of a large enterprise. This means many are unable to create the robust security program that they need to survive the current risk landscape. But as cyber actors become more advanced, good cybersecurity can mean the difference between survival and bankruptcy. Fortunately, you don’t have to go it alone.

At Securicon, our seasoned cybersecurity experts work to find vulnerabilities in your IT infrastructure, providing solutions and long-term support. Contact us today for a rapid assessment and learn how we can help your business survive in the midst of an evolving threat landscape.

How the Cybersecurity Talent Gap is Threatening Your Business


In 2022, the worldwide shortage of cybersecurity talent has exceeded 3 million. If current trends continue, that number will only grow in 2023 and beyond. This is a major problem for businesses across all industries and verticals that are facing an epidemic of ransomware and data breaches – not to mention the looming possibility of cyberwarfare.

Without cybersecurity experts to help you protect and monitor your infrastructure, the evolving cyber landscape is a serious threat to your customers and business resilience. In this article, we will discuss the cybersecurity talent gap in more detail, and what your business can do to address it.

The need for technical innovation drives risk

As the pace of innovation in enterprise IT accelerates, companies must roll out new tech at a rapid pace in order to stay abreast of the cutting edge, remain competitive, and provide a good experience to their customers. In an effort to satisfy the demand for new products, vendors release them faster than they can be secured, introducing new vulnerabilities to the workplace. Meanwhile, cyber actors are becoming more sophisticated, and the global cost of cybercrime has reached trillions of dollars.

This situation presents businesses with a catch-22: fall into technical debt by avoiding new technology, or bring risks into your workplace in order to keep up. Every organization must ask itself these questions: how can you afford the best people when competition for talent is so high? And what if your current budget doesn’t allow for the number of team members you really need to efficiently monitor threats?

The cybersecurity talent shortage

Ultimately, the cybersecurity talent shortage is not just a problem for hiring managers – it also directly correlates with a rise in security breaches, as a recent study from Fortinet concluded. For the report, Fortinet surveyed more than 1,200 IT and cybersecurity leaders from 29 different countries in the technology, manufacturing, and financial industries.

The company found that 80% of security professionals experienced at least one breach that could be attributed to a lack of cybersecurity skills or awareness, and 64% of those breaches resulted in the loss of revenue via recovery costs or fines: “a key factor is that organizations struggle to find and retain certified cybersecurity people,” the report noted.

Tech-focused training and certifications were seen in a positive light, with 95% of the respondents agreeing they have a positive impact on their teams – more than 85% have already implemented cybersecurity training programs. But over half of the respondents admitted to having difficulty with employee recruiting and retention.

As shown by other studies, even organizations that manage to find cybersecurity talent suffer from high turnover and low retention rates. Long-term repercussions include more frequent security breaches and compromise of sensitive assets, such as intellectual property (IP), data protected by federal contracts, and personally identifiable information (PII).

Bridging the gap in your organization

There are multiple one-off solutions organizations can adopt to drive cyber awareness in a sustainable way that not only insulates employees against cyberattacks in the short term but also prepares them for future risks. Some of the most important qualities to instill in your team include strategic thinking, strong problem-solving abilities, and good communication skills.

Now is a great time for organizations to ensure their employees have the knowledge and resources to plan for the future and other areas of the business. But ultimately, the best outcome is finding experienced cybersecurity professionals who can help you solidify your infrastructure and develop a long-term strategy. Some tips you can follow right now include:

  • Outsource your cybersecurity talent – today, even large companies are struggling to find and retain cybersecurity talent; for small to medium-sized businesses (SMBs), the challenge can feel insurmountable. Consider partnering with providers like Securicon who bring cybersecurity services and continuous support to your business at a more affordable cost than in-house talent.
  • Invest in cybersecurity training – increase cybersecurity skills throughout your organization by investing in proper training for all your employees, ranging from general digital hygiene to more specific courses on social engineering attacks.
  • Encourage continuous learning – culture plays a major role in cyber preparedness; promote an attitude of continual learning so employees will stay current with the latest threats, technologies, and trends.
  • Scout for new technologies – ease the workload for your security team by investing in automation or machine learning cyber technologies to streamline operations.
  • Provide opportunities for team sustainability – providing a learning platform for teams is beneficial to both the organization and the individual while helping to retain top talent.

The worldwide shortage in cybersecurity talent won’t be fixed any time in the near future – fortunately, organizations can still take steps to protect themselves from emerging threats. At Securicon, our seasoned cybersecurity experts work to find vulnerabilities in your infrastructure, providing solutions and long-term support. Contact us today for a rapid assessment and learn how we can help to close your talent gap.