đź•’ 5 min read
✏️ Simon Minton
The Covid-19 outbreak has seen an uptick in cyberattacks against individuals and businesses..
Small businesses have been particularly targeted; by May 2020, 13% had experienced a cyberattack.
Cybercriminals are out to exploit human interest, as well as the surge of remote working during the pandemic.
Understanding how employees and businesses are being targeted – and the new risks of working from home – can enable IT teams to take practical steps to defend the business.
Cybercriminals have been working hard to take advantage of the Covid-19 outbreak, and particularly people’s interest and concerns about current events.
There has been a significant rise in attacks taking advantage of specific news stories. For example, when UK Prime Minister Boris Johnson was hospitalized, there was an almost immediate peak of ransomware and phishing attacks, with lures relating to the story.
Malicious software might be downloaded when a link is clicked, or the user might be encouraged to enter their personal information, including username and passwords.
Interestingly, rather than creating bespoke tools, most attackers have been leveraging off-the-shelf ransomware or software – targeting individuals, rather than organizations.
These largely automated attacks might exploit well-known vulnerabilities in software or operating systems, looking for individuals that are using software which is unpatched and has exploitable vulnerabilities, or aren’t using multi-factor authentication to access their applications.
Small businesses might not be the initial target, but once an employee has been compromised, attackers can quickly target the company they work for, moving laterally to scope out and attack high value systems.
Once cybercriminals find the weakest point, be it the people, processes or systems in place, the business itself becomes the victim.
Unfortunately, the rise in remote working has also made many small businesses more vulnerable to attack.
Previously, your business might have been relying on a VPN or a firewall to protect access to key applications.
But many employees have been prioritizing getting operational as quickly as possible – by accessing cloud-based applications directly to get the tools and data they need, rather than going through the network.
Many small businesses have not adapted their security controls to prevent attacks on cloud-based applications (such as SaaS software).
This has given attackers a wider cyberattack surface to target, according to RiskIQ.
But importantly, it also means many employees may be circumventing key security practices and leaving the business exposed in new ways.
In fact, half of remote workers admit to cutting corners on their IT security during the pandemic.
The security needs of small businesses have changed. And now, it’s vital to work with your employees – and as an organization – to adapt.
Individuals are the most common entry point for cyberattacks right now. Arming staff with knowledge about criminal tactics will help prevent successful attacks, especially with employees working from afar.
Attackers by their nature exploit human interest, whether it’s a juicy story or an apparently urgent spreadsheet from a boss. Employees should be encouraged to adopt a healthy cynicism about communications.
Think carefully before you click a link; banking and other websites can be easily spoofed, and these fake websites will steal your log-in credentials as you type them in. It’s better to go to banking websites directly via your browser. Checking the authenticity of emails and their attachments can also prevent attacks before they begin – even if sometimes it means an extra email to a colleague.
Security awareness training has historically been very dull, and it’s unsurprising that employees don’t recall the training. In fact, before the pandemic less than half of small business owners provided training for employees to stay secure when working from home.
But there are interesting new approaches out there. One company puts attendees into a virtual environment that sends haptic feedback (similar to your phone’s haptic technology) whenever they click on a malicious link or engage in other risky behaviour.
Memorable training can help employees to understand why security practices exist and follow them each day.
Employees tend to turn to workarounds when it’s too hard to follow a secure process. Ensure that new technologies are both secure and easy to use – and people won’t be tempted to circumvent them for easier alternatives.
Small businesses have adapted incredibly quickly to the challenges of the pandemic, often creating new working methods in the process. But now, it’s up to IT teams to ensure their security processes reflect this next normal.
In the “old world”, once a user had passed the firewall onto the network, they could effectively move around as they wanted. If a user’s account then got compromised, the attacker could also move around in a way that’s hard to detect. But now applications and data are moving to the cloud – where employees access them directly – deploying a zero-trust network makes more sense.
Essentially, that means a process of continual authentication: identifying and authenticating the user, checking their permissions, ensuring that their device is secure, securing their connection directly, and monitoring applications for misuse.
Importantly, the zero-trust network can actually make life easier for the user, who can access systems anywhere, without going through the network. The business also benefits because it doesn’t have to pay for expensive network connections to connect users to applications. Win-win!
Passwords aren’t the strongest line of defence for an individual or a business. Multifactor authentication (MFA) can help employees to protect their identities – and reduce the likelihood and the impact of attacks.
MFA works by prompting employees to verify their identity through a second form of evidence (in addition to their password). This can often be done through an app, perhaps on their mobile device.
Many small businesses work with Managed Service Security Providers (MSSPs) to support their security. In the past, this has often entailed firewalls or VPNs to protect the network.
What’s important today is ensuring your partner understands how the business’ attack surface has changed – and can provide tools to protect your data where it actually resides..
Small businesses – and especially their IT teams – have done an incredible job in adapting to the Covid-19 outbreak. But there will always be criminals looking to take advantage of vulnerabilities, to exploit individuals and businesses.
By working closely with employees, and adapting your security infrastructure for the new environment, you can keep your business safe.
Read more from Tech Connection about keeping your employees safe during unprecedented remote working. You can also learn more about small business security solutions that can limit threats, not your business and how Cisco is helping to support small businesses to recover from the economic impact of the global pandemic.
Many of us spend our working lives in our inbox. Email remains one of the most widespread business communication tools – but that also means it’s one of the biggest entry points for cyberattacks. According to our 2019 CISO Benchmark Report, enterprise security leaders consider email to be the number-one threat vector, and it’s not hard to understand why. Verizon’s annual Data Breach Investigation Report – to which we’re a contributor – found that email is the number one vector for both malware distribution (92.4%) and phishing (96%).
If you’ve ever been to a night club, then you’ve probably encountered a bouncer or two. They’re there for a good reason: a keen eye and some good protection are the key to keeping party guests in line. Automated cyber security operates on your systems much like bouncers at a party or a nightclub do: it makes sure only invited guests are allowed in and monitors everyone in case of trouble, quickly ejecting an offending party and ensuring that everyone else has a great time (aka uninterrupted business growth and profitability).
Why do cyber criminals target small businesses, when there are potentially fewer rewards for them?One reason is that when small businesses are in a ransomware predicament, they have to weigh up the costs of paying the criminals against not paying and experiencing downtime. Due to a lack of preparedness for a ransomware attack, sometimes the cost of paying the ransom works out cheaper.