SMBs: Easy targets

Share this article:
SMBs: Easy targets
SMBs: Easy targets

Small businesses have fallen victim to cyber attacks during the past year. With sophisticated criminals now leveraging social engineering and malware to compromise people inside the corporate environment, small to midsized businesses (SMBs) have become targets. Why? Because most do not spend money on the right security solutions.

The first step toward better protecting an organization is to learn how these attacks work. Most SMBs think that establishing firewalls and installing anti-virus software will fend off an outside attack. However, these entities often neglect to think beyond this type of endpoint security.

Every employee has the potential to become compromised. To exploit that vulnerability, cyber criminals size up the organization, usually by searching social networking sites for information about the team. 

After an attacker identifies a particular staffer, he can compromise that person using malware and then log into and explore the SMB's network. From there, a criminal can solidify his presence within the company to steal usernames and passwords, install back doors and create power users by altering employee permissions. Once that happens, it's easy to steal data and cover up the evidence, making it hard for SMBs to even recognize that an intrusion has occurred.

SMB attacks are on the rise because these businesses have been slow to protect themselves from cyber crime. To change that status, companies should reduce their risk by identifying sensitive data, building policies to protect it, and auditing access activity. Companies also must train users to identify phishing emails in order to curb risk. 

While user awareness is important, SMBs need additional safeguards. Such measures should include the ability to detect abnormal activity and malware-infected devices, as well as the means to contain compromised equipment and protect sensitive data. SMBs need to take these steps to defend themselves.

Share this article:

Sign up to our newsletters

More in Opinions

Hackers only need to get it right once, we need to get it right every time

Hackers only need to get it right once, ...

Hackers only need to find one weak point to steal valuable information. On the flip side, security pros need to account for every possible scenario.

Successful strategies for continuous response

Successful strategies for continuous response

While it isn't realistic for organizations to expect that it will never happen to them, a rapid, professional and continuous response can limit their scope and reputational impact.

When it comes to cyber attacks, predictions are pointless but preparation is key

When it comes to cyber attacks, predictions are ...

Rather than predicting the next lightning strike it is far better to pay attention to the areas we already know are vulnerable.