Don’t hide behind your low profile, cybercriminals have gotten wise to that strategy.
We’re deeply concerned about cybersecurity at Complete Network. That concern is based on both our many years of experience helping businesses combat cyber threats, and the latest research which shows an increasingly hostile threat landscape. According to auditing firm BDO, there was a 350% increase in ransomware attacks, and a 250% increase in spoofing attacks in 2018. According to a separate study by the Ponemon Institute, 68% of small businesses were the target of a cybersecurity attack last year.
Our experience helping companies in Charlotte and Albany reflects this nationwide trend in cybersecurity, hackers turning their attention to smaller businesses. Roughly half the companies we talk to these days have already experienced a cybersecurity breach. Ten years ago, that number was closer to one in twenty.
Counting on your low profile to protect you from cybercrime is no longer an option.
The Real Face of a Cyber Criminal
One factor driving complacency is a lack of understanding about the threat. Many executives still have an image of the hacker as a highly skilled individual that interacts with targets on a one-to-one basis. With this impression in mind, it can be easy to think, “What would they want with my little company? Surely there are better, more worthwhile targets out there.”
The problem is that this image doesn’t reflect the reality. Today, the average cybercriminal is more like a hooligan than a cat burglar, spreading mayhem with tools that enable him to do damage far beyond his technical ability. Understanding this is the first important step in creating a solid cybersecurity defense.
The New Tools for Cybercrime
Another factor driving the increase in cybercrime is the expanded set of tools available to hackers, including Malware as a Service (MaaS) and Cybercrime as a Service (CRaaS) kits. Many of these software packages include utilities to make launching a cyberattack easier, like tools to locate vulnerable ports and devices on a network, or automations for the more repetitive aspects of the infiltration process. The more sophisticated services can even be purchased on a subscription basis, just like commercial software as a service (SaaS) products, and provide both software updates and technical support.
The dark web has made these tools readily available to even casual cybercriminals. In fact, according to Positive Technologies, the demand for ransomware creation services on the dark web now exceeds supply by 3 times, pointing toward continued growth and development of this booming sector of the underworld.
It’s not just MaaS and CRaaS products that you can find on the dark web, though. There are many other tools for facilitating cybercrime that are easily located on both the dark and non-dark web. Amateur criminals can purchase access to remote servers anywhere in the world, rent computing infrastructure to launch phishing or denial of service (DDoS) attacks, purchase stolen credit card or PayPal information, and access virtually whatever other resources they need to in order to make their crimes efficient and profitable.
For more information about the dark web’s role in facilitating cybercrime, we recommend reading Deloitte’s report, Black Market Ecosystem: Estimating the Cost of Pwnership, an in-depth paper that explores the technical and economic means by which threats proliferate freely on the dark web.
Emerging Threats Increase the Pressure
If the threats were just increasing in number the situation would be dangerous, but that’s not the only thing that makes cybersecurity such an urgent concern in 2019. Another major factor is the constantly changing threat landscape. Every day, there are roughly 1,000 new malware variants produced per day, while hackers tirelessly seek out new vulnerabilities in popular software, known as zero day exploits.
The speed at which new threats emerge necessitates action. Have you heard of cryptojacking, the process of seizing on a computer and using its resources to mine cryptocurrency? How about cross-site scripting attacks, or software subversion attacks? These are all attacks that we expect to see a significant increase of in 2019. If you aren’t familiar with these threats, and taken steps to mitigate them, it means your network is vulnerable.
Your Team, Asset or Vulnerability?
The staff at your company is the first line of defense against cybercrime, but they’re just as often a liability as they are an asset. Statistically, they continue to open phishing emails, they can be negligent with company information, and they’re prone to losing company mobile devices. They may even present a cybersecurity risk themselves.
Here again, preparedness is key. While enabling multi-factor authentication, strong password policies, and other security controls can help, educating your workforce about the latest threats is a best practice that gets overlooked far too often. For example, research shows that a vigilant program for training employees can significantly lower the rate at which they open phishing emails. As phishing is the most common method hackers use to infect businesses with malware, this training could save you hundreds of hours of productivity when you’re attacked next.
Proactive Cybersecurity is the Only Real Option
Cyber criminals can do more damage with less effort than before, so what’s the solution? Proactive cybersecurity. We strongly recommend that all businesses in the Albany, New York and Charlotte, North Carolina areas adopt vigilant security measures to keep themselves safe, no matter how small their operations or “under the radar” they feel.
Proactive cybersecurity is a project that requires ongoing vigilance, such as regularly updating and patching systems, enforcing strict authentication controls, then routinely updating those protections to reflect the latest threat intelligence.
The Complete Network team is happy to help businesses that are struggling with their cybersecurity. If you have any questions about how to improve your security and take a proactive stance against the most recent threats, feel free to contact us any time at 877.877.1840 or [email protected].
We look forward to speaking with you!