While attacks against big businesses make headlines, it’s small- and medium-sized companies that are increasingly being targeted by cybercrooks. Symantec found that 43 percent of all cyberattacks worldwide last year targeted companies with fewer than 250 employees. And even the U.S. government is sounding the alarm, making protecting small businesses a “top priority” of the House Committee on Small Business.
How are hackers getting inside? Long-trending issues like failure to change default passwords, employees opening spam email, and workers clicking on dangerous web links at work all remain massive problems that won’t be going away soon. However, they will soon be joined by some newer exploits that are making the security landscape much more complicated.
Here are four of the biggest emerging cybersecurity risks.
Data and Device Proliferation Makes Security More Complex
Two of the biggest trends in technology in recent years are the rise of mobile devices as a primary computing platform and the growth of the cloud for data storage and processing. These have opened up a vast new world of work for large and small companies alike, but they have also created a much more complicated security environment. Enterprise-class organizations have largely figured out how to implement cloud security tools and mobile device management platforms to mitigate these risks, but SMBs are still finding their way – and they’ll need to figure it out, quickly.
Intellectsoft CEO Paul Bach says, “Consider a doctor’s office, where nurses and doctors more increasingly rely on mobile phones and tablets for email, data input, prescription cataloging, and patient history. Just a single breach of patient data could potentially expose confidential info belonging to hundreds of patients. In a large hospital, they might have a well-trained IT team onsite to implement security. But most small-medium sized businesses do not have an onsite IT team, and are intimidated by the cost and complexity of a security solution.”
When equipment is entrusted to the hands of employees 24/7 (as in the case of employee mobile phones used for corporate work), the situation gets more complex. “Laptops get lost, phones get swiped, and your company’s data is in the hands of whoever finds it,” says IT consultant Tim Singleton. “For most companies, it presents a threat to customers and trade secrets. For medical clients, it poses an actual criminal risk.”
Websites Held for Ransom Cost Companies Time, Money, and Embarrassment
“Ransomware” is a common type of desktop exploit in which system-crippling malware is installed on a victim’s PC, and the only way to remove it is to pay its creator to take it off. This would net the crook a few bucks for each successfully paid ransom.
That’s old news. Hackers have set their sights on greener pastures: hacking into business websites, defacing or disabling them, and demanding a much higher ransom to return control to the company. “Many SMBs are unfamiliar with how their web hosting works and how to secure it, which makes many sites low-hanging fruit for fraudsters,” says Steve Hamrin, owner of a Lexington, Kentucky-based computer service company. “This can be an enormous hole to dig out of for an SMB.”
The Internet of Things Opens New Doors for Hackers
The world is enamored with web-connected fitness monitors, video cameras, and consumer appliances… and most experts see this as a security disaster in the making.
“I listened to a pitch in a local Sam’s Club a few weeks ago from somebody selling remote controlled door locks,” relates Greg Scott of Infrasupport, an IT infrastructure consultancy. “I asked the guy about how to secure them and he said, ‘They’re locks – they’re for security.’ I asked him how do they defend against somebody impersonating me and using a cell phone to unlock my door locks and he said, ‘Well, they run over the AT&T network, so that’s pretty secure.’ That’s the state of IT security knowledge in the SMB space.”
IoT devices will ultimately give hackers an exponentially greater number of avenues – called “attack vectors” – through which they can find a weakness and exploit their way into an organization’s network infrastructure. Expect to see a major news headline within the next two years that blames a major corporate hacking event on an IoT product.
Third-Party Security Becomes a Troubling Problem
We live in a world of contract labor, outsourced help, and freelance workers. Train your internal staff about good security habits all you want – what good will that do you if a freelance designer who’s logged into your content management system carelessly leaves his laptop unguarded at a coffee shop?
This is an increasingly common scenario with no great solution. You can require outsourced workers to complete your training courses, carry cybersecurity insurance, and follow certain policies, but enforcement is difficult, and rules like these can cause businesses to run afoul of labor laws, requiring classification of those contractors as employees – leading to heavy employment tax penalties.
About the Author: Christopher Null is an award-winning business and technology journalist. His work frequently appears on Wired, PC World, and TechBeacon. Follow him on Twitter @christophernull.