Barely a week goes by without news of another cyberattack and the subsequent theft of sensitive data. Today's cyber threats are increasingly sophisticated. Despite ongoing employee training on phishing emails, small businesses can never let their guard down.
For example, attackers are upping the ante when it comes to phishing. One of the techniques used is machine learning to rapidly create and distribute fake, realistic messages, hoping to trick recipients into unintentionally compromising their organization's network and systems, according to Michelle Moore, PhD, Chief Academic Officer of the Master of Science in Cybersecurity Operations and Leadership Program. at the University of San Diego.
Phishing attacks are also becoming more automated. This creates an opportunity for "less sophisticated and malicious cyber actors." in the cybercriminal ecosystem,” according to the Connecticut Utilities Regulatory Authority, which says cyberthreats targeting utilities in the state are growing and becoming more sophisticated.
Likewise, ransomware has become more complex. A relatively new trend: hackers are demanding that their ransoms be paid anonymously, thanks to the growing popularity of cryptocurrencies like bitcoin.
However, in many cases, it's not that the methodology is new, but rather that attackers have adapted and improved their techniques, notes Candid Wüest, Vice President of Cyber Protection Research at Acronis.
"For example, we've seen phishing emails increasingly use trusted cloud services like Google Docs to deliver their spam messages," says Wüest. "Personalizing the email with data from past data breaches is also a common method of increasing click-through rate."
"The harsh reality," he continues, "is that many small businesses don't find out they've been compromised until it's too late." When you get a ransomware request or start getting customer complaints about weird malware-laden emails, the damage is already done.
Unfortunately, "most small businesses don't have holistic monitoring," says Wüest. "Even if they have the visibility, they don't have the resources to manually analyze and track every alert."
How Small Businesses Can Respond
Small businesses have moved workloads and data to various cloud services during the pandemic, but they often don't fully understand all the interactions and dependencies within these complex environments, says Wüest.
This is where it helps to find an external partner that specializes in cloud services. Small businesses can also take some key steps to protect themselves against a cyber attack. Above all, data should be backed up, regardless of its location.
Secure your network and all the devices that connect to it. If you're not already using a firewall, consider installing one. It is also important to regularly update the software (anti-malware and others) on each of your company's computer systems.
Other steps include the encryption of sensitive data, the use of multi-factor authentication, and monitoring systems. It is imperative that you train your staff on how to stay safe online. Don't consider it a one-time event. Training and drills must be continuous.
This requires keeping up to date with the latest cyber threats. Small businesses can search online security vendor sites and trade publications to stay informed. Mitigating them is, of course, another matter. If your company doesn't have in-house security expertise, look for a security-focused managed service provider that does. With the average cost of data breaches now running into the millions of dollars, proactive protection is well worth the investment.
Click here to learn how to protect your business against major cyber threats with Acronis.
Copyright © 2022 IDG Communications, Inc.