For small business owners, much has changed in the past few years – a widespread shift to remote work, a growing push for companies to use cloud apps, the general embrace of cloud data storage. In this brave new world, one thing has remained constant: For small businesses, strong cybersecurity is essential. After all, these organizations usually have limited budgets and small IT teams. This can make them a juicy target for bad actors.
In order to help address this problem, Cisco Umbrella created the 2021 Security Outcomes Study for Small to Midsize Businesses. Designed to help security or IT teams in small to midsize businesses create a strong cybersecurity strategy, this report uses data provided by 850+ professionals to determine which cybersecurity practices have the greatest impact on security outcomes and objectives.
However, understanding why certain cybersecurity strategies work for small businesses and why others don’t requires knowing the challenges facing this vertical. That’s what we’ll be discussing in today’s blog.
The Ever-Changing Landscape of Small Business Cybersecurity
Did you know that 47% of small businesses say that they have no understanding of how to protect themselves against cyberattacks? That statistic is even more alarming when you know that 43% of all cyberattacks target small businesses [1]. The fact is, most small businesses just aren’t set up to do things securely. And adding remote work and the need for effective cloud security to the mix only makes things more complicated for small business owners.
For example, many small businesses use free or unmonitored cloud services to share files between employees working remotely. But unmonitored file sharing can lead to data loss and – depending on what data gets exposed – regulatory breaches. Employees working from home may also do things on their devices that they wouldn’t have done in the office, like listening to podcasts or music, visiting risky websites, or checking personal emails. In these cases, a single pop-up asking to reconfirm a login and password for something like O365 can provide a phishing site with access to company O365 credentials.
Small businesses need to adjust their cybersecurity strategies to accommodate this increase in cloud activity. After all, cybercriminals have certainly made changes to take advantage of it.
The Evolution of Cyberattacks
The past two years have seen a dramatic shift in cyberattack patterns, with more phishing attacks taking place than in prior years. And it’s likely that this trend will continue as the use of cloud-based resources becomes more mainstream.
What’s more, in the second half of 2020, Cisco Umbrella researchers observed four major cyberthreat trends:
Trojans and Droppers Getting a Second Life
Most small business owners think of cyberattacks as a simple, one-step malware infection. However, today’s Trojans and droppers are challenging that perception. That’s because these attacks consist of an initial infection followed by a later compromise.
Trojans are malware programs that compromise systems by misleading users as to the nature of the program. Once installed, Trojans typically create a backdoor that bad actors can use to exfiltrate data, execute a Distributed Denial of Service (DDoS) attack, or spy on users. Today’s Trojans can also serve as the vehicle for further attacks, delivering a malicious payload through the backdoor that can lead to another infection.
Droppers also result in multiple compromises. Designed to install additional malware, these programs can result in subsequent ransomware or backdoor compromises that occur after the initial infection.
The Occurrence of More Multi-Stage Attacks
While a well-timed cyberattack can take down a network in a matter of hours, these attacks are often the result of sophisticated, multi-stage compromises. A user might click on a link in an email that takes them to a dangerous website. This website drops malware on their machine, but the malware won’t act for hours or days. Instead, this malicious program will establish an infrastructure that allows it to exfiltrate large amounts of data or execute a catastrophic final attack that small businesses without adequate cybersecurity can’t repel.
The Rise of Cryptomining
Cryptomining uses computing resources to mine cryptocurrencies like bitcoin. A quick internet search will reveal dozens of stories of individuals using their own technology to legally make money cryptomining. Unfortunately, bad actors often take a shortcut and operate their own cryptomining enterprises at small business owners’ expense.
These bad actors will use malware covertly installed on a computer or web cryptominers embedded in website code to mine cryptocurrency. These programs eat up CPU resources as they run in the background, slowing machines and websites to a crawl for end users.
The Escalation of Pandemic-Themed Campaigns
Oftentimes, criminals will execute cyberattacks by preying on the fears or uncertainty of users. The pandemic made this easier than ever, as attackers tailored phishing emails to address users’ concerns about COVID-19 stimulus packages, vaccine rollouts, and rapid testing. Attackers mimicked government agencies, HR departments, healthcare institutions, and news sources to obtain sensitive information and take advantage of users. For many small businesses with employees separated from on-premises cybersecurity solutions, these attacks proved catastrophic.
What Drives New Cyberattacks
Using data from the Cisco Umbrella global cloud architecture, our team was able to see what threats were trending in specific regions, industries, organizations, and verticals. This data showed that small businesses aren’t immune to these cyberattacks. In fact, our research indicates that 62% of small businesses have been attacked!
This vulnerability has many causes. A lack of funding, lack of comprehension, or general belief that cybercriminals only target large enterprises means that many small businesses don’t prioritize cybersecurity in their strategic planning. But the truth is that cybercriminals often start with small businesses before moving up the chain to larger targets.
Small businesses that have recently gone remote also make juicy targets, since attackers can take advantage of the chaos caused by a quick pivot in business operations. The recent uptick in phishing attacks illustrates this point perfectly – compromising users outside of their comfort zones is easier than targeting users relying on familiar cybersecurity protocols.
Unique Cybersecurity Challenges Affecting Small Businesses
Unfortunately, the consequences of a cyberattack can be severe for small businesses. A large enterprise suffering a data breach might have to weather negative press, a damaged reputation, and maybe legal action. A small business suffering a data breach, on the other hand, often doesn’t exist long enough to weather these consequences. Stolen passwords, compromised financials, reduced brand reputation, lengthy downtime – the fallout of a cybersecurity incident can quickly drive a small business under.
What’s more, small businesses face key problems when tackling cybersecurity challenges:
- Poor attribution – To respond to a cyberattack, you need to know who’s been compromised, where, when, and how. But many small businesses, especially those lacking a dedicated security team, find themselves flying blind during a cyberattack. Was it caused by an email? Do you need to reset passwords? Did someone visit a malicious website? No one knows, so no one knows what to do.
- Visibility and coverage gaps – Remote or roaming employees can make it difficult for a security team or small business owner to see the complete picture with cybersecurity. But cyberattacks won’t stop when businesses can’t see what’s going on, and unprotected small business assets are an easy target.
- Limited security resources – Small business owners are used to operating on a tight budget, and the COVID-19 pandemic only added to that financial strain. With even more resource limitations than usual, cybersecurity often gets bumped down the list of priorities.
- Vendor overload – No one likes logging in to find an avalanche of notifications. Unfortunately, a robust cybersecurity architecture – which often involves solutions like DNS-layer security, a secure web gateway, and others – can lead to notification overload when these solutions come from different vendors. This makes it difficult to tell when there is an actual incident.
Because of this, it’s crucial for small businesses to create cybersecurity strategies tailored to meet their unique needs.
What to Look for in a Cybersecurity Solution
While we dig into creating an effective cybersecurity strategy for your small business in the 2021 Security Outcomes Study for Small to Midsize Businesses, there are a few things you can keep in mind when evaluating potential solutions. Focus on end-to-end security that delivers the most bang for the buck by accomplishing five key tasks:
- Keeping employees connected, protected, and productive
- Protecting both on- and off-network users
- Securing the company network, cloud, and endpoints
- Protecting customer, business, and financial data
- Growing along with your business
In an on-demand Cisco Umbrella webinar, leading data scientist Austin McBride and small business cloud security expert Randy Silver discuss how Umbrella helps small business customers meet these needs and stand up to today’s cyberthreats. Listen to their discussion today, or download our 2021 Security Outcomes Study to start creating a cybersecurity strategy for your small business.
[1] Maddie Shepherd, 30 Surprising Small Business Cyber Security Statistics, Fundera 2021.