Page 89 - Cyber Defense eMagazine March 2024
Regardless of their size, organizations are facing similar types of attacks — social engineering, system
intrusion, and basic web application attacks. The top cybersecurity attacks affecting SMBs specifically,
according to the Verizon report, are:
• Human element. The number one risk to any SMB is its own people. In fact, 74 percent of
breaches involved human actions, whereby adversaries use social engineering and
misrepresentation tactics to steal data or hold businesses ransom. Pretexting, an invented
scenario that tricks someone into giving up information, accounted for half of all social engineering
incidents in 2022. Phishing tactics came in second, at 44 percent.
• Ransomware. Using malware to block access to a computing system, ransomware was present
in over 62 percent of all incidents.
• Denial of Service (DDoS). These attacks compromise the availability of networks and systems
by overwhelming them with large amounts of data. DDoS attacks represented 42 percent of
incidents.
• System intrusion. This technique, which involves bad actors using their expertise in hacking and
malware to breach or impact organizations, accounted for 37 percent of breaches. This is a
category that differs from ransomware and the human element, as it’s a more sophisticated,
calculated and targeted type of attack.
Seven Ways to Strengthen Your Cybersecurity Posture with Fewer Resources
If a business leverages technology, it has a cybersecurity problem. For SMBs, who already have an
uphill battle, it’s vital that they have the right cybersecurity protocols in place to mitigate risks. Here are
seven techniques even the smallest business can implement:
1. Manage who has access to your data. Access control management uses processes and tools to
create, assign, manage and revoke access credentials and privileges for users of assets and
software.
2. Train your employees to be security savvy. Establish and maintain a security awareness program
for your workforce (even if it is a team of five) to be security conscious and reduce cybersecurity
risks.
3. Know where your data resides. Is your organization’s data stored on a network, on hard drives,
on servers, in the cloud? Do you rely on third parties? Knowing where your data resides is helpful
so you can better protect it and know what steps to take if data has been compromised.
4. Create an incident response management plan. Many cyberattacks, such as pretexting, tend to
escalate quickly and can have a significant impact. A plan will help an organization better prepare for,
detect, and respond to an attack.
5. Ask questions. Here are a few good questions to start with:
o Do we have a designated information security expert on staff or a third-party trusted risk
advisor?
o Is our website properly protected?
o Do we regularly back up our data and files?
o Are our company’s devices protected with antimalware and antivirus software?
o Do we regularly patch our hardware and software?
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.