SMBs: Easy targets

Share this article:
SMBs: Easy targets
SMBs: Easy targets

Small businesses have fallen victim to cyber attacks during the past year. With sophisticated criminals now leveraging social engineering and malware to compromise people inside the corporate environment, small to midsized businesses (SMBs) have become targets. Why? Because most do not spend money on the right security solutions.

The first step toward better protecting an organization is to learn how these attacks work. Most SMBs think that establishing firewalls and installing anti-virus software will fend off an outside attack. However, these entities often neglect to think beyond this type of endpoint security.

Every employee has the potential to become compromised. To exploit that vulnerability, cyber criminals size up the organization, usually by searching social networking sites for information about the team. 

After an attacker identifies a particular staffer, he can compromise that person using malware and then log into and explore the SMB's network. From there, a criminal can solidify his presence within the company to steal usernames and passwords, install back doors and create power users by altering employee permissions. Once that happens, it's easy to steal data and cover up the evidence, making it hard for SMBs to even recognize that an intrusion has occurred.

SMB attacks are on the rise because these businesses have been slow to protect themselves from cyber crime. To change that status, companies should reduce their risk by identifying sensitive data, building policies to protect it, and auditing access activity. Companies also must train users to identify phishing emails in order to curb risk. 

While user awareness is important, SMBs need additional safeguards. Such measures should include the ability to detect abnormal activity and malware-infected devices, as well as the means to contain compromised equipment and protect sensitive data. SMBs need to take these steps to defend themselves.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in Opinions

Me and my job: Chris Sullivan, vice president of advanced solutions, Courion

Me and my job: Chris Sullivan, vice president ...

This month we get to know Chris Sullivan, vice president of advanced solutions at Courion.

Threat of the month: SVPENG

Threat of the month: SVPENG

We take a closer look at SVPENG, malware that's capable of launching two different types of attacks.

Security assessment stability

Security assessment stability

We should be asking if it is worth the cost of constantly switching security assessment companies, says Ken Stasiak CEO, SecureState.