Two Cyber Threats Impacting SMBs
Impact To Business Operations


A typical sales approach is to instill fear, uncertainty, and doubt (FUD) when selling. The purpose of this article is to inform, not to scare, so that companies can make better informed decisions. It's critical to know that turning a blind eye and not prioritizing your cyber security can and will hurt your business.

The two threat types are business email compromise (BEC) and ransomware. We'll explore each below. It's important to note that there are many more types of threats that will have an impact on your business.

Before we explore these threats it's important to recall national standards for cybersecurity protection. The most widely referenced is NIST (the National Institute of Standards and Technology), a US government organization that sets standards in many areas, including cybersecurity. NIST has developed a Cybersecurity Framework to help guide businesses in developing and deploying best practices for cybersecurity. This framework has five key elements of focus (see figure 1); the v2.0 draft adds a sixth component, GRC:

· Identify

· Protect

· Detect

· Respond

· Recover


This framework alludes to building layers of security around your data, much as you would physically for your home or business. Each layer is meant to address certain areas of potential exposure. In cyber terms you'll hear this called "Defense in Depth". You can read more about the NIST guidelines here:

· https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf

BEC typically starts with either a phishing or spear-phishing email to unsuspecting employees. In many cases employees never receive the ongoing training they need to recognize what to look for and to avoid clicking links or opening attachments. A recent vendor study showed that a training session every six months is optimal for employees to retain the insights. Make no mistake, the C-suite executive team is just as vulnerable as employees, if not more so. When an employee clicks a nefarious link or opens an attachment, one of two things can happen:

1. The employee is redirected to a spoofed website (one that looks very real) where they enter their login credentials, which are then captured by the bad actors.

2. Malicious code is unknowingly downloaded onto the device.

The first item is where BEC typically happens, while the second is more aligned with ransomware. Once the bad actor has your credentials, they quickly move to make adjustments to your email controls and, if possible, make lateral moves within your environment. Ultimately their approach is to get higher-level access so they can start doing their dirty work. One tactic is to spoof emails so it looks like a company executive is directing employees to make changes. For example, sending an email on behalf of the CFO to accounts payable to use a new bank account, one that the bad actor controls. Another is sending a fake invoice, again via a spoofed email, demanding immediate payment. Ultimately your entire financial chain can be impacted, from your clients to your suppliers.
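As an added illustration (not part of the original article), one common form of the "adjustments to your email controls" described above is the creation of inbox rules that forward finance mail to an outside address or hide it from the mailbox owner; the Python below audits a set of rule records for those indicators. The field names and sample rules are constructed assumptions, not a real Office 365 export.

```python
import re

COMPANY_DOMAIN = "example.com"  # assumed tenant domain (constructed)

# Subject keywords a BEC actor commonly filters on to intercept finance mail.
FINANCE_WORDS = re.compile(r"invoice|payment|wire|bank|remit", re.IGNORECASE)

# Folders where intercepted mail is typically parked so the owner never sees it.
HIDING_FOLDERS = {"Deleted Items", "RSS Feeds", "RSS Subscriptions", "Archive", "Junk Email"}


def is_external(address: str) -> bool:
    """True when a recipient address is outside the company's own domain."""
    return not address.lower().endswith("@" + COMPANY_DOMAIN)


def rule_indicators(rule: dict) -> list[str]:
    """Return the BEC indicators present in one inbox rule (empty list if none)."""
    hits = []
    subject = " ".join(rule.get("subject_contains", []))
    finance = bool(FINANCE_WORDS.search(subject))
    for addr in rule.get("forward_to", []):
        if is_external(addr):
            hits.append(f"forwards to external address {addr}")
    hidden = rule.get("delete", False) or rule.get("move_to") in HIDING_FOLDERS
    if hidden and (finance or rule.get("forward_to")):
        hits.append("hides finance or forwarded mail from the mailbox owner")
    if finance and rule.get("mark_read", False):
        hits.append("silently marks finance mail as read")
    if len(rule.get("name", "").strip()) <= 2:  # names like "." or ".." are a classic tell
        hits.append("suspiciously short rule name")
    return hits


def audit(rules: list[dict]) -> dict[str, list[str]]:
    """Map each suspicious rule name to its indicators; clean rules are omitted."""
    return {r["name"]: hits for r in rules if (hits := rule_indicators(r))}


# Constructed sample export: one benign rule and two typical post-compromise rules.
SAMPLE_RULES = [
    {"name": "Newsletters", "subject_contains": ["digest"], "move_to": "Newsletters"},
    {"name": ".", "subject_contains": ["invoice", "payment"],
     "move_to": "RSS Feeds", "mark_read": True},
    {"name": "fwd", "forward_to": ["ap-backup@mail.example.net"], "delete": True},
]

if __name__ == "__main__":
    for name, hits in audit(SAMPLE_RULES).items():
        print(f"rule {name!r}: " + "; ".join(hits))
```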

When we talk about BEC, we need to explore how the attackers make these targeted emails seem so legitimate. It's easy, as so much of our lives exists on social media. It takes them minimal time to find out personal things about you, your family, your church and so on. Then, looking at public records databases, they can gain even more insight to target you. Add to that the many breaches that have occurred, such as those at credit reporting agencies. See this article on Experian:

· https://krebsonsecurity.com/2023/01/identity-thieves-bypassed-experian-security-to-view-credit-reports/

Many more business-related breaches have occurred, such as at LinkedIn, where many people keep a business history. With all this data the bad actors can easily spear-phish an unsuspecting subject with an email that looks so real the recipient believes it can't be fake. Constant education, along with best-practice cybersecurity implementations, will help thwart a lot of these attempts. At the end of this article we provide a list of YouTube videos that employees can watch to help train them.

Through BEC, once these bad actors end up with the right level of credentials, your data is at risk of being exfiltrated. This data is typically the lifeblood of many organizations, especially if it is proprietary or intellectual property. We'll explore this under the ransomware discussion.

In the second item above, we talked about how malicious code can be installed on a system or endpoint. This is just one of many ways. Let's say you hire an outside firm to manage your network, firewall and Office 365 email accounts. Instead of their service people coming onsite to address issues, they'll typically use what is called remote desktop support (RDS) software to gain access to your systems. This typically uses network port 3389, which is standard across the industry. If this port and the access behind it are not managed tightly, perpetrators can use the same RDS path to gain access to your systems and your data. Again, this is just one of many ways, and it is why good cyber hygiene practices are so critical.

Regardless of how these actors gain access to your systems and data, they will normally do two things:

· Download all your data, including that of your clients and suppliers.

· Put encryption code on your systems to lock them up so you can't access them, including your backup data.

You'll typically get a notification stating that you must pay to unlock your systems; however, in today's environment they will also go after your clients and suppliers. This can expose your suppliers, especially if you have logins to their systems, and expose your clients to blackmail, depending on what data you hold on them.

The best practice is to ensure you have multiple backup copies taken at different points in time. Some backup scenarios run once a day; others take up-to-the-minute shadow copies. The 3-2-1 backup rule states:

· Create at least three copies of your data.

· Keep them in two different storage formats (for example, local storage and the cloud).

· Keep at least one copy offsite and air-gapped from the internet.

Once your systems are encrypted and locked, you basically cannot run your business. Take for example the City of Atlanta, GA. It was hit with ransomware and couldn't conduct any business: no marriage licenses, no driver's licenses, no court activity and so on. The city was completely shut down. The implication for SMBs, according to the FBI, is that many won't survive a ransomware attack. Not only will your business be shut down, but your clients will no longer trust you and your overall market image will be tarnished.

In conclusion, the point of this article is to expose you to just two of the ways SMBs are severely impacted by nefarious actors, especially when they've taken the approach of "what I don't know won't hurt me." This couldn't be further from the truth!

Take the time to find competent cybersecurity help. In most cases you'll want to speak to a firm known as a managed security services provider (MSSP). They will be able to help you understand what layers of cyber security you need and then provide a monitoring service to help watch your business's back. One final point: always ensure they are transparent, so you can inspect what you expect.

Simple Publicly Available Cyber Training For SMBs:

  1. Phishing Email (3:55)

  2. Social Engineering (4:28)

  3. Creating a Cyber Secure Home (3:29)

  4. Passwords (1:01)

  5. Understanding Ransomware (6:44)


Al Wissinger

Managing Director, Fluency Corp
