Sometimes, it’s good to be just a little bit paranoid. This is especially true for small business owners as they consider the types of cyber threats their companies will face in 2019. Unfortunately, small businesses ignore these threats with alarming frequency. Needless to say, the price these companies pay for such neglect can be massive. In fact, malware attacks and other types of cyber threats can actually become an existential crisis.
Here are some of the small business security lessons that the past few years have taught us. First, companies of all sizes are open to crippling cyber attacks. Furthermore, cybercriminals have actually begun to focus on small to medium-sized companies with increasing frequency. Broadly speaking, there are two reasons for this alarming uptick:
- Criminal hackers tend to think that small businesses are easier to target than large corporations. This view stems from their belief that small business cyber security is much less sophisticated and easier to breach.
- Cybercriminals often use attacks on small to mid-sized companies as blueprints for large-scale campaigns.
If you’re a small business owner, we hope we’ve already gotten your attention. But if you need more proof, just take a look at the following numbers.
The Impacts of Cyber Attacks on Small Businesses
We’ll start with a jarring contrast between perception and reality. According to one survey, only about 13% of small business owners think that cybercrimes are an actual threat to their companies’ well-being. That means that 87% of small business owners don’t think cybercriminals will come after them. But however comforting this belief might be, it’s still incredibly dangerous. It’s dangerous because reality paints a very different (and uglier) picture of the cybersecurity landscape.
And what does this uglier picture look like? To begin with, 61% of small businesses were victimized by cyber attacks in 2017. And while the 2018 numbers aren’t out yet, they’re likely to be significantly worse than what companies have previously reported. For a closer look at this dismal picture, consider the following statistics:
- In 2017, the average cost a small to mid-sized company paid to recover from a cyber attack was approximately $500,000
- Recovery from 20% of these 2017 breaches cost small to medium-sized companies between $1 and $2.5 million
- Over 50% of North American small business owners believed that their company would be unprofitable within a month after a serious cyber attack
These numbers are troubling enough all by themselves, right? But let’s throw one more at you, just to be sure: approximately 60% of small businesses fail completely within about six months after a serious cyber attack. If that doesn’t convince you how dangerous malware attacks can be, then nothing will. Now let’s have a look at the top five types of cyber threats your small business should watch out for as the new year begins.
The Top Five Types of Cyber Threats for 2019
1. Ransomware Attacks
Ransomware attacks have been around for several years, but they didn’t get much attention until May 2017. That’s when the WannaCry series of cyber attacks stalled over 200,000 computers by encrypting organizational data and demanding a Bitcoin ransom before unblocking the affected users. Security experts put a stop to most of the attacks within a matter of days, but not before victims paid over $130 million for the release of their data. Worse still, analysts suspect that the WannaCry attack lies dormant in thousands of computers worldwide.
Despite the (partial) defeat of the WannaCry attacks, ransomware continues to be one of the most damaging types of cyber threats your small company will face in 2019. Due to the sheer volume of ransomware attacks, small businesses should prioritize building up an effective defense against them. There are essentially three ways a small business can build this necessary defense.
First, you and your employees must understand the nature of ransomware attacks. Unlike phishing and other types of cyber threats, ransomware attacks encrypt critical company data and ‘hold it hostage.’ In other words, these attacks are more like extortion than actual theft. This is why traditional anti-virus software isn’t effective against them.
Instead of anti-virus systems, small businesses should use a combination of employee training and something called ‘endpoint protection.’ Additionally, many smart companies have begun to store critical data in multiple locations. Lastly, it’s imperative that you have a recovery strategy in place before a ransomware attack can occur.
2. Software Update Attacks
Commonly known as software update supply chain attacks, these computer assaults insert malicious code into otherwise safe software at various distribution points. Supply chain attacks are damaging because of the huge amounts of sensitive information companies share with their suppliers. And because these malware attacks occur at production and distribution points, they can be difficult to prevent without adequate preparation and knowledge.
Supply chain attacks rose sharply in 2018 and promise to threaten small businesses well into the future. Therefore, it’s imperative to take certain steps before updating software on a grand scale. The key here is ‘cordoning off’ the damage. Here are three preventative measures you should take to protect yourself from supply chain attacks:
- Do a small-scale test of any new software updates before applying them across your entire system.
- Monitor your system closely to pinpoint suspicious behavior patterns. That way, you can block the dangerous application before it damages your system.
- Always inspect the software provider’s website before updating their products. If a given site isn’t up-to-date, contact them prior to making any changes.
3. Phishing Types of Cyber Attacks
Phishing attacks are one of the best-known threats to small business cybersecurity. These intrusions are carried out by cybercriminals who impersonate institutional websites that companies consider reliable. Typically, phishing succeeds when users enter sensitive information into a phony website. This information can include things like credit card numbers, passwords, and usernames.
Once the attackers obtain this sensitive information, they’re free to roam the organizational system. The devastation that can ensue should be obvious to small business owners. Successful phishing expeditions can cause havoc in the lives of your customers through identity theft, credit card scams, and other fraudulent schemes. In addition to settling the inevitable class action lawsuits, your company will also have to repair any damage your network has incurred.
Organizations can guard against phishing attacks through several different means. User training is probably the most effective way to avoid falling prey to phishing attacks, but companies can employ technical approaches as well.
4. Denial-of-Service Attacks (DoS and DDoS)
A denial-of-service (DoS) attack happens when a cybercriminal makes a network inaccessible to its authorized users. The attacker accomplishes this by blocking the network’s internet connection with a flood of superfluous or trivial requests. As a result, the system becomes overloaded and unable to fulfill some portion of legitimate user requests. When the flood of requests comes from multiple sources, it’s known as a distributed denial-of-service attack or DDoS.
Protection from these types of cyber attacks typically requires a combination of tools. These tools include detection applications, traffic classification, and blocking mechanisms. For many small businesses, it’s a good idea to utilize dedicated DDoS solutions.
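To make the detection, classification, and blocking steps concrete, the Python example below (added here, not part of the original article) runs them over a constructed request log. The thresholds, function names, and documentation-range IP addresses are all assumptions chosen for illustration.

```python
from collections import Counter, defaultdict

WINDOW_SECONDS = 10    # assumed bucket size for counting requests
TOTAL_LIMIT = 200      # assumed: requests per window the site can serve
PER_SOURCE_LIMIT = 50  # assumed: requests per window allowed from one source


def constructed_sample():
    """Constructed log of (unix_second, source_ip): quiet, DoS, then DDoS."""
    events = []
    clients = [f"192.0.2.{i}" for i in range(1, 6)]
    for start in (0, 10, 20):
        # Ordinary traffic: 6 requests per client in every window.
        events += [(start + k, c) for c in clients for k in range(6)]
    # Window 10: one source floods the site.
    events += [(10 + k % 10, "198.51.100.7") for k in range(400)]
    # Window 20: 60 sources send only 8 requests each.
    events += [(20 + k, f"203.0.113.{b}") for b in range(1, 61) for k in range(8)]
    return events


def classify_windows(events):
    """Return one report per time window: volume, verdict, sources to block."""
    buckets = defaultdict(Counter)
    for ts, src in events:
        buckets[ts - ts % WINDOW_SECONDS][src] += 1

    reports = []
    for start in sorted(buckets):
        per_source = buckets[start]
        total = sum(per_source.values())
        top_count = per_source.most_common(1)[0][1]
        if total <= TOTAL_LIMIT:
            verdict = "normal"          # detection: volume is within capacity
        elif top_count > total / 2:
            verdict = "dos"             # classification: one source dominates
        else:
            verdict = "ddos"            # classification: flood is spread out
        # Blocking: only sources that individually exceed the per-source limit.
        block = sorted(s for s, n in per_source.items() if n > PER_SOURCE_LIMIT)
        reports.append({"start": start, "total": total,
                        "sources": len(per_source),
                        "verdict": verdict, "block": block})
    return reports


if __name__ == "__main__":
    for report in classify_windows(constructed_sample()):
        print(report)
```

In the distributed window no single source crosses the per-source limit, so the block list comes back empty even though the site is overloaded; per-source blocking alone stops the DoS but not the DDoS.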
5. Advanced Persistent Threats
An Advanced Persistent Threat (APT) occurs when malicious code is inserted into a company network and steals data over a long period of time. This data can include things like passwords, business procedure information, trade secrets, and financial information. The slow rate at which an APT steals this valuable data makes it difficult to detect. As the code sinks deeper into the network, the attackers can eventually gain entry to a number of other company networks as well.
Traditional measures like firewalls and anti-virus protection won’t protect you from APT attacks. For adequate protection, you should use a two-pronged approach. First, you should divide your network into segments. This will contain the damage an APT can cause and keep it from spreading. Additionally, there are Advanced Persistent Threat Protection suites available. Advanced Persistent Threats are some of the most pernicious types of cyber threats your company will face in the coming months, so it’s imperative that you use both of these measures.
Small Business Cybersecurity Now and Going Forward
Companies can no longer ignore the possibility of cyber attacks. Hackers are smarter and more creative today than they’ve ever been before. They’re also better equipped and possess an incredible cache of technical knowledge. Clearly, small businesses have to keep up with the efforts of cybercriminals. Otherwise, the results can be disastrous.
We mentioned a few ways to guard against specific attacks in the preceding sections, but you’ll have to do more to stay truly protected. Some small businesses choose to outsource their cybersecurity work, while others develop an in-house cybersecurity plan. We’ll finish up with a quick list of eight components that every cybersecurity plan should contain:
- A formal list of cybersecurity protocols, along with a specific set of best security practices
- Strong passwords and two-factor authentication requirements
- Updated versions of anti-malware and anti-virus software packages
- Effective firewalls
- Network monitoring systems
- Careful software update policies
- Recurring user training
- An attack response plan
Small business cybersecurity is an absolute necessity today. In fact, it’s best viewed as an essential part of doing business. Your company deserves protection and so do your clients. Make the necessary investments before the inevitable attacks occur. You’ll definitely be glad you did.