Small Business Security Essentials Stay ahead of the game on security Learn what the Small Business cyber-threat landscape looks like $2,235,018 per year today so your business can survive; reduce operational costs and grow The average amount Small Businesses spent in the securely; make security a priority aftermath of a cyber attack or data breach due to for everyone, and protect your damage or theft of IT assets and disruption to business with Cisco. normal operations. 43% It’s a bitter truth that means your business' survival As your business grows, it gets noticed and not of cyberattacks target small businesses. [1] depends on understanding cyber security. all of the attention is welcome. More and more sophisticated criminal gangs are going after small businesses. 60% of them will be forced to close as a result. [1] Cisco Annual Cybersecurity Report 2018 ‘Cisco ACR 2018’ Threats are becoming more sophisticated Ransomware this vulnerability, but not all users were Hackers know your weaknesses and how to automatically protected. exploit them Attackers can hold businesses virtually hostage, with ransomware; a ruthless practice. Ransomware Small Businesses held to Ransom Fewer of today’s hackers are in it ‘just for fun’ remotely encrypts your files without oury consent. or a challenge. Most are money motivated, Some forms of ransomware are programmed to highly organised and seldom work alone. spread across the network. Fifty-two percent of the Small Attackers are agile, while businesses can’t Businesses—participating in the Ponemon always say the same. Especially when they’ve Instead of requiring a recipient to open an email Institute’s 2017 State of Cybersecurity in Small and just been ‘making do’ with security. attachment or click on a link, current trends in Medium-Sized Businesses (SMB) ransomware—such as WannaCry, which began in report—experienced either a successful or ‘A hacker’s goal is to steal credit card May 2017—enable malicious code to be unsuccessful ransomware attack in a 12 month information, email addresses, usernames and transmitted between networks without user period. Once the infection is complete, a message passwords. Anything that can be sold on to a interaction. “WannaCry is the first one ot will appear on your screen, demanding that you higher bidder. How they do it may include some completely automate,” says Craig Williams, a pay a ransom in bitcoins for the release of your of the following techniques. senior security outreach manager at Talos, the data. A typical ransom can be anywhere from security research arm of Cisco. £200 to £10,000, but some victims have ended up paying a lot more. WannaCry affected more than 200,000 computers Recent headlines show a new generation of worldwide, and may cause an estimated $4 billion threats going viral on a global scale and in losses. WannaCry gets installed through a proliferating more quickly than ever. Cisco Talos vulnerability in the Microsoft Small Business threat research group uncovered a threat, called protocol and is particularly effective in older VPNFilter, that compromised more than 500,000 Windows environments, such as Windows XP, small office/home officeout r ers and network Windows Server 2003 and Windows 8. Microsoft attached storage devices around the world. Cisco had already released a security update to patch devices were not among those affected. This complex threat allows the actor to inspect traffic Business Email Compromise (BEC) The bigger the company, the more money they that is passing through the devices, to steal files can make. However, attacks targeting small off network backup drives, and potentially pivot Business email compromises (BEC) are 75% more and medium-sized companies are on the onto connected corporate networks. profitable than ransomware. Despite that, they increase. don’t get as much publicity. Cyber criminals understand their targets — down to their likes and dislikes and how they conduct BEC are targeted attacks, in which hackers use business. They know what they will pay for their social engineering to trick people into transferring data to be released, and they exploit any weakness money to them. There is no malware, there are no Data Breach they find ruthlessly. attachments. Unlike ransomware attacks, they don’t take any data from their victims. It’s all based Data is at the heart of everything your company on lies and misdirection. does: it’s your intellectual property, your next big break, your customer records, your revenue. A Typically, hackers spend some time researching breach costs much more than just fixing outages their targeted company and start building a profile. and damaged systems. After they know enough, they may send spear phishing emails to senior members of staff, often in Building a strong security posture can help protect the finance department. It needs ot be someone your intellectual property and your reputation. On with the authority to transfer the money. The bigger average, it takes organisations 191 days to detect the company, the more money they can make. a breach and 66 days to contain it. (Source: However, attacks targeting small and medium- Ponemon Institute). Yet the key to damage sized companies are on the increase. limitation is early detection. Crucially, the cyber criminals will target a business in the supply chain with weak cyber security practices – especially when it comes to sharing information. This is why small businesses often get targeted. Once they’ve identified the eakw link, the attacker can then focus on the exploitation of the ultimate, intended target. Defend vs attackers everywhere What to do Cisco's median time-to-detection is 3.5 hours. If a Don't let attackers sidetrack your business. Fight If you have a place in a supply chain, ask your breach happens, Cisco Incident Response them at all the places where they try to get in. Our vendors/partners how they secure their supply Services experts are available within hours to help solutions protect you from the DNS layer to email chains. Ask them about their development you contain it and fix the ootr causes. to the endpoint. And they are backed by industry- practices and their internal security controls. How leading Talos threat research. do they roll out patches and updates to their Supply chain attacks internal systems, and how often? How do they segment and secure their development, QA, and Supply chain attacks are an emerging and growing production environments? How do they vet their cyber threat, which demonstrates how skilled partners and vendors? cyber criminals have become. What happens is that the bad guys compromise the software update And be sure to ask all of these questions of your mechanisms of (otherwise legitimate) software own organisation, or you could find that it’s oury packages. That then allows them to piggy-back on organisation that is the weakest link in the supply the distribution of genuine software. chain. More info about supply chain attacks: You may have added complexity without much https://gblogs.cisco.com/uki/protecting-against- Too many businesses have a ‘stacking overall incremental effectiveness. This situation supply-chain-attacks/ problem’ isn’t helped by the fact that security is still seen as primarily an ‘IT issue’. According to the Cisco Some businesses just don’t have a clear cyber Security Benchmarks Study, some organisations security strategy. They make do with a solution don’t particularly agree that line of business until it becomes a hindrance. managers are engaged with security. The attitude is too often, ‘Security is IT’s problem.’ This is a real Others attempt to cover all bases and end up with issue, because it means that security often gets a stacking problem. A stack of various point ‘bolted on’ rather than embedded in a company’s security solutions from different vendors, all in ecosystem. Cutting corners creates more work. place at once. Both situations spell trouble. Done right, security can be a business enabler. A The patchwork of incompatible security technology platform for growth. leaves gaps, creates management headaches and makes inefficiencies upon which hackers thrive. Each new security solution comes with another The ‘attack surface' is getting larger, management interface. Each new solution and more complicated demands human resources, management hours to set up, set policy, respond to alerts and it’s not We work everywhere: at home, in the office, always clear whether the extra security outcome airports, coffee shops. Yet traditional security you gain is worth all the extra effort ouy are putting solutions still focus on protecting employees only into managing that solution - rather than focusing while on the business network. on bigger problems elsewhere. Of the respondents participating in the Ponemon Shine a light on Shadow IT Picture the scene: Institute’s 2017 State of Cybersecurity in Small and Medium-Sized Businesses (SMB) report that It’s possible to turn shadow IT into a positive - Users are accessing your network from their experienced a data breach, 54 percent say contribution to your business: own smart devices, from wherever they are negligent employees were the root cause—an increase from 48 percent of respondents in the • If you don’t already, set up a forum or an - Your business apps, servers, and data are in previous year’s study. ‘ideas on a postcard’ tool that allows your the cloud employees to submit ideas that could improve Shadow IT can create huge security vulnerabilities, the running of the business. Reward people - Devices that don’t even look like computers especially if you don’t know how far the problem for doing this, and celebrate when an idea are connecting to your networks (think smart extends. This kind of operation is like going for a becomes reality.
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages23 Page
-
File Size-