Verizon’s annual Data Breach Investigations Report has historically compared and contrasted small and medium businesses (SMBs) against large organizations. Not this year. The reason: SMBs and large enterprises increasingly share similar attack surfaces. With many of the same services and infrastructure, the difference between the two boils down to the available resources.
Where larger companies may have entire teams of cybersecurity analysts or full-fledged security operation centers (SOCs), many SMBs rely on a single IT person to manage their security. Or, companies may outsource cybersecurity to managed service providers (MSPs) who may not yet have the required skills or services in place to plan, build out, and manage a full cyber program.
In this blog post, we examine the most common types of cybersecurity threats SMBs face today and share a list of top 5 cybersecurity tips that SMBs can follow to start building a more robust cyber posture against modern threats.
Types of Cybersecurity Threats for Small Businesses
In the 2023 Data Breach Investigations Report, researchers found that the top patterns of cybersecurity threats for small businesses (fewer than 1,000 employees) were system intrusion, social engineering, and basic web application attacks – representing 92% of breaches. Several types of attacks, including phishing, malware, watering hole attacks, and drive-by downloads, drive these categories of threats.
Phishing
Phishing attacks continue to grow year-over-year and remain one of the main methods threat actors use to gain entry into their victims’ systems alongside vulnerability exploitation and stolen credentials.
A phishing attack is launched when a threat actor poses as a legitimate entity to lure individuals into providing sensitive data or launching malicious files. Phishing scams are both common and growing increasingly convincing with the help of generative AI tools like ChatGPT. Where spelling errors and an odd tone of voice were once a main tip-off, AI-crafted content makes it harder to judge whether a message is legitimate. This leads to the sharing of credit card information, bank account numbers, login credentials, and other sensitive data – all gateway data to the lifeblood of SMBs.
Malware
Malware is the overarching term for malicious software of any kind. It is the software, script, or code that performs an attack on a system without the owner’s consent. Attackers disseminate malware through various vectors, including websites, files, phishing, and drive-by downloads.
Watering Holes
Watering hole attacks compromise users by infecting websites they frequent. Once cyber criminals lure people to the website, they infect their computer with malware. Attackers first work to identify and research the websites that their targeted users like to visit frequently, looking for clues to common interests and online habits. Attackers then inject malicious code via vulnerabilities found in the website’s code or server. When the targeted users access the website, malware is installed on the user’s device which can lead to unauthorized access to their organization’s network and valuable data.
Drive-By Downloads
Drive-by downloads can be particularly frustrating as the attack doesn’t always require user interaction. When a person visits a website, an unintentional download of malicious code happens without any interaction (e.g. clicking or taking an action on the site), implanting it on the victim’s computer or mobile device. Once on the endpoint, it can hijack the device, spy on activity, exfiltrate data, or disable the device entirely.
Why Do Small Businesses Need Cybersecurity?
According to the U.S. Small Business Association, “surveys have shown that the majority of small business owners feel their businesses are vulnerable to a cyberattack.” A Small Business Index report for Q1 2024 from the U.S. Chamber of Commerce stated that 27% of small businesses reported that they were one disaster or threat away from shutting down their business. The margins for small businesses are razor thin, making cybersecurity controls a top priority.
The damage can also go beyond small businesses. Since cybercriminals know that smaller businesses are often part of the same digital supply chain as larger companies, SMBs can be seen as the less protected entry point to a larger corporation’s network for double the profit. The good news is, there have never been more resources to help small businesses put protections in place.
Cybercriminals assume that small businesses have limited resources and time and weaker security measures, making them easier to crack than enterprises. Not only are SMBs a target, but bad actors are using more sophisticated and widespread attacks that easily thwart common security practices such as traditional antivirus software.
The Impact of a Cyberattack on Small and Midsize Businesses (SMBs)
Small and midsize businesses are an essential part of the economy, and require the same protection as large enterprises at scale. When attacks hit, costs can be far-reaching. Some of the costs post-attack may include, but are not limited to:
- Mitigating damages and repairs
- Paying ransoms (even though this is not recommended)
- Supplying free credit monitoring to affected clients
- Paying fines/penalties (applicable to businesses in regulated industries) and managing lawsuits
- Hiring outside help from security consultants, lawyers, risk management and public relations consultants
- Downtime and loss of productivity both in the short and long term
- Losing potential new and existing business due to reputational damage and loss of trust
- Increased cyber insurance premiums, which add to operational costs
5 Essential Cybersecurity Tips for Small Businesses
Cybersecurity tips for small businesses should be actionable, not overwhelming. This checklist rounds up the top ways to strengthen SMB defenses against cyberattacks. While cybersecurity can be expensive, these tips come at little to no cost.
1. Conduct Regular Software and Patch Updates
The two main ways to protect against software vulnerabilities are routine and timely patches and updates. While commonly confused, these are two distinct processes.
Software patching – Software developers release small updates that fix specific issues or vulnerabilities within a program. These can address known security flaws, bugs, or any other issues that users or developers have found since the initial release of the software.
Software updates – This is what you may be more familiar with from the automatic updates pushed to your laptops and PCs. Released on a specific schedule such as monthly or quarterly, these improvements provide a set of changes to the software.
2. Implement Cybersecurity Training for Employees
Cybersecurity is the responsibility of all employees within an organization, regardless of its size. Regular training programs and courses can teach employees of all levels how to identify, mitigate, and report security issues appropriately. Educated employees can be a strong first line of defense when it comes to preventing security events from occurring and greatly reduce the risks of data breaches, malware infections, and more. If they know how cybercriminals are trying to target them, they are better able to detect scams like phishing emails.
3. Enforce Strong Passwords and Authentication Policies
Weak and common passwords such as 123456 and qwerty are an easy entry point for data theft. Creating a password policy that requires the use of strong passwords – ones that are at least 12 characters long, including letters, numbers, and symbols – is a must. The more difficult and time-consuming it is for a cybercriminal to guess a password, the less likely they are to try to compromise sensitive data. According to NIST’s password guidelines, password security can be bolstered by:
- Focusing on length more so than complexity
- Using password managers
- Avoiding the use of password hints
- Limiting the number of authentication attempts
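As an added example (not part of the original post), the sketch below shows how the policy points above can be enforced in code: a 12-character minimum, a denylist of common passwords, and a cap on failed authentication attempts. The denylist entries, the threshold of 5 failures, and the 300-second window are constructed assumptions, and the names check_password and AttemptLimiter are hypothetical.

```python
import time
from collections import defaultdict, deque

MIN_LENGTH = 12  # minimum length stated in the policy above
# Constructed sample denylist; a real deployment would load a much larger list.
COMMON_PASSWORDS = {"123456", "qwerty", "password", "password1234"}


def check_password(candidate):
    """Return the list of policy violations; an empty list means accepted."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append("too_short")
    # Compare case-insensitively so "Qwerty" does not slip past the denylist.
    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("common_password")
    return problems


class AttemptLimiter:
    """Locks an account after too many failed logins inside a sliding window."""

    def __init__(self, max_attempts=5, window=300, clock=time.monotonic):
        self.max_attempts = max_attempts  # assumed threshold
        self.window = window              # assumed window, in seconds
        self.clock = clock                # injectable so the logic can be tested
        self.failures = defaultdict(deque)

    def is_locked(self, account):
        now = self.clock()
        recent = self.failures[account]
        # Discard failures that have aged out of the window.
        while recent and now - recent[0] > self.window:
            recent.popleft()
        return len(recent) >= self.max_attempts

    def record_failure(self, account):
        self.failures[account].append(self.clock())

    def record_success(self, account):
        # A successful login clears the failure history for that account.
        self.failures.pop(account, None)
```

Call is_locked before verifying a password, and record_failure or record_success afterwards, so a locked account is refused without the credential ever being checked.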
Multi-factor authentication (MFA) is also a must-have in today’s threat landscape. With the amount of business-critical data users have access to and the number of digital identities associated with each user, MFA adds an extra layer of security beyond just passwords. MFA is a trusted way to protect against phishing attempts and cases involving credential theft since it requires another form of authentication, such as a code sent by text message that only the rightful user possesses, before access is granted.
4. Schedule Timely Risk Assessments
Small businesses should conduct informal risk assessments, at a minimum, by meeting with cybersecurity vendors to brainstorm scenarios based on recent cybersecurity events. Discussing current threats allows SMBs to identify gaps that exist in their current security program.
Regular risk assessments are one of the first steps to establishing a more proactive threat identification program. Before potential threats can be exploited by threat actors, risk assessments allow SMBs to map out the actions needed to shore up weaknesses and keep up with the evolving threat landscape. Risk assessments are also vital for planning out incident response plans (IRPs), emergency communication matrices, and post-attack strategies.
5. Use Virtual Private Networks (VPNs)
In the age of remote work, virtual private networks (VPNs) allow employees to work anywhere and gain secure access to the company network. VPNs mitigate cyberattacks by creating a secure, encrypted tunnel for users to hide their personal information, location, and other data while connecting to the internet. Using VPNs is a cost-effective solution for SMBs with limited security budgets.
VPNs work by encrypting internet traffic, making it difficult for cybercriminals to intercept and read data. This is crucial for protecting sensitive business information and communications. They can also help in network segmentation efforts, providing access control to different parts of the network based on user roles. This minimizes the risk of unauthorized access.
Conclusion
The landscape of cybersecurity threats is evolving, and threat actors no longer distinguish between targets by size. SMBs, often perceived as easier targets with fewer means of cyber defense, now face the same sophisticated attacks that large enterprises do. Phishing schemes, ransomware attacks, and data breaches are just as prevalent and damaging for a small business as they are for a Fortune 500 company. This convergence in the threat landscape marks a stark shift in how cybersecurity is approached across all industries.
Cybersecurity attacks on a small business can be devastating. SMBs around the globe have turned to SentinelOne’s Singularity™ Platform, allowing them to proactively resolve modern threats at machine speed. Learn how SentinelOne works with best-in-class security service providers to more effectively manage risk across user identities, endpoints, cloud workloads, IoT, and more.