Small and medium-sized businesses are not immune to cyber threats. They need to research and prepare for attacks just like large companies would. Unfortunately, small businesses tend to have fewer resources and less talent available to strengthen themselves against attacks.
In March of last year, AI detected a sophisticated and highly targeted cyberattack that exploited a zero-day vulnerability across multiple organizations. The attack was detected, investigated and contained by the AI, which determined that it was a completely new threat. Two weeks later, the campaign was publicly attributed to a Chinese nation-state actor known as APT41. The organizations targeted included government entities, critical infrastructure and large corporations, but also, surprisingly, medium-sized businesses.
We have entered a new era of cyber threat. If measured as a country, cybercrime would be the world’s third-largest economy after the United States and China. Mid-sized businesses are often seen as a soft underbelly by cybercriminals. A common perception among cybercriminals is that midsize businesses do too little to bolster their cybersecurity, which makes them an attractive target. As in the case of APT41, they are often targeted as a gateway to higher-value targets, critical systems and highly classified information. Most midsize businesses plan to make, or have already started to make, the radical organizational and technological changes that define a digital transformation, and a growing majority say these changes will soon be critical to their competitiveness.
But the cyber challenge facing midsize businesses is multifaceted. They are indeed under-resourced and are particularly affected by the global cyber-skills shortage. Small security teams, if any, are tasked with defending the business against the full range of cyber threats, from sophisticated, original and targeted campaigns to very rapid smash-and-grab attacks, while managing an increasingly distributed workforce and an increasingly complex digital infrastructure. The challenge goes beyond resources: the threats these organizations face are too fast or too stealthy for humans to tackle, and the number of new avenues open to attackers is growing faster than security teams can monitor them.
We can’t stop the breaches
The recent Colonial Pipeline attack demonstrated the damaging ripple effect of the drastic measures taken to combat ransomware. To contain the breach, operators shut down 5,500 miles of pipeline carrying 45% of the East Coast’s fuel supply. The incident came shortly after a ransomware attack on Scripps Health, a major San Diego healthcare system, which forced it to suspend access to its online portal and website. The Scripps network was not fully operational for weeks after the event.
This type of disruption is intolerable for midsize businesses. Not only can it damage customer relationships and the organization’s broader reputation, but the cost can be enormous. In the case of ransomware attacks, the cost of recovery after a shutdown is often 10 times the amount the attackers demanded as ransom.
Traditional security solutions attempt to keep attackers out by identifying threats based on historical attacks. They classify known attacks as “bad” and guard against them on that basis – commonly referred to as the “rules and signatures” approach. What we have learned over the past decade, however, is that trying only to prevent attackers from gaining access to systems is futile – it works only against low-level attacks. It does not work against the advanced attacks these companies now face.
Instead, business leaders need to contain attacks quickly and minimize disruption so that the organization is not seriously affected. Accepting that attackers will get in is not accepting failure. It is the reality of being a mobile, global and interconnected business.
Once midsize businesses accept that their systems are susceptible to penetration, they should use the following strategies to respond effectively.
Monitor and target: Once an attacker has gained a foothold in an organization, it is essential that the security team continually monitor for anomalous behavior in order to detect the breadcrumbs of an emerging attack. There is always a period during which the attacker holds an initial anchor point and is deciding what move to make next; defenders can use this window to the business’s advantage.
Always expect a breach: Companies need to test their existing capabilities and have a plan of action for the worst case. They must continually check whether existing mechanisms give enough warning and can hold off threats long enough for the company to take action. At what stage of the attack is the security team alerted? Do the defenses slow the attacker down, giving the team the opportunity to respond? Segregating networks makes it difficult for the attacker to move laterally at a sustained pace.
Create a security culture: Business leaders need to be clear about the importance of cybersecurity across the organization, and every department needs to understand that cybersecurity concerns them. The board should be briefed regularly on cybersecurity, and security providers should be involved in that process. Ideally, the CISO should be part of the management team. If not, key personnel within the security team should regularly brief the management team on how the business is responding to cyber threats.
Look at your supply chain: Attackers look to smaller suppliers and third-party vendors to find vulnerabilities and work their way into critical systems. We need only look back at the SolarWinds attack to see the damage that can result. Vendor vulnerabilities are everyone’s vulnerabilities. How robust is the provider’s security? Do they hold external certifications confirming that they take security seriously?
When it comes to cyber, we have to accept vulnerability, but we can no longer tolerate victimhood. The only way to eliminate the risk completely is to disconnect your business from the Internet. With the right technology, cyber attacks should be caught multiple times before they manage to encrypt files and extort business leaders. Midsize businesses must opt for sophisticated cyber defense while understanding that the attackers’ ‘path of entry’ is never static – it shifts as vulnerabilities and techniques evolve – and they must embrace technologies that intervene to stop attacks in progress.