Malware, phishing and ransomware attacks. For many small and medium businesses (SMBs) with less stringent cybersecurity defences, these terms have become a harsh reality as the business of cybercrime becomes more professional and more automated, with serious implications. The risk is not only lost revenue, but also damage to brand reputation, loss of clients and negative impacts on staff, which combine to make cyber threats deadly for SMBs.
What is the cybercrime landscape in Australia?
The Australian Cyber Security Centre (ACSC) received more than 67,500 reports of cybercrime during the 2020-21 financial year, an increase of 13% from the previous financial year. This was largely driven by a higher level of online engagement due to pandemic-driven remote working and adoption of cloud-based solutions across the public and private sectors.
With an increased reliance on online systems accessed through devices, the attack surface for cybercriminals has exploded, leaving businesses, especially SMBs, vulnerable to attack.
According to the ACSC, small businesses (5-19 employees) made more cybercrime reports than in the previous financial year and medium-sized businesses (20-199 employees) had the highest average financial loss per attack. BlackBerry’s 2022 Threat Report found SMBs suffer an average of 11-13 threats per device, a number far higher than larger enterprises.
How are these attacks affecting SMBs?
Unfortunately, some attacks have also led to high-profile attacks on critical infrastructure and essential services. The Five Eyes Alliance warning to Managed Service Providers (MSPs) in May 2022 is testament to this: it issued urgent guidelines to help protect not only the mid-market, but also the small businesses in the IT supply chain as the new frontline of defence.
Breaking down the attacks
Just like Uber, Airbnb and Airtasker, there is a shared economy in the cyber underground. Threat actors targeting SMBs can sometimes be clumsy, leaving behind playbook text files containing IP addresses and more, according to BlackBerry’s 2022 Threat Report.
This suggests that while the ransomware may be sophisticated, it is being sold to common cyber criminals. Malware tools – like backdoors, infostealers, and even the ransomware used to take down the US Colonial Pipeline – are being sold to anyone on the dark web.
To add to this, the rising use of digital channels has brought old tactics – such as phishing and watering hole attacks – back into fashion, predominantly due to their ability to scale. These tried-and-true tactics will continue to be used by threat actors even as we see innovations like augmented reality (AR) and the metaverse develop and enter the mainstream market.
It seems obvious, but SMBs are struggling to secure the countless unmanaged devices of employees who are working remotely. Some groups are exploiting personal devices used for work-related tasks like checking email, accessing documents, or storing login credentials.
Others engage in massive phishing and smishing campaigns to fool people into, for example, clicking on a link sent by SMS or even scanning a ‘bad’ QR code. In other cases, they write malicious apps that appear to be legitimate software to trick users into installing and launching them.
Next steps for SMBs at risk
The harsh truth is that smaller businesses are at higher risk than larger organisations. 2021 was a testament to this, with countless attacks on SMBs. They are the perfect target for financially motivated hackers because they are more vulnerable. Also, many SMBs tend to rely on legacy antivirus software and infrastructure, which don’t stand up to the methods used by today’s cybercriminals, not to mention the challenge of finding the skilled people to manage it.
So, the challenge for many resource-strapped small businesses is: where to start? Governments and top cyber firms have taken positive steps to offer help. As well as the Five Eyes guidance, the Global Cybersecurity Alliance (GCA) and the Australian Cyber Collaboration Centre (A3C) have just announced a range of free tools and services to help companies stay safe online. For firms trying to get to grips with the challenge, this is a great place to start.
However, the unrelenting scale and sophistication of today’s cyberattacks is extremely challenging for the likes of a small retail, construction or legal business that must act yesterday to prevent tomorrow’s attack. Enterprise security teams are challenged by increasingly sophisticated attackers moving at speed across larger attack surfaces, so what about those companies that have one or two IT employees (if any) trying to do it all?
This is where a managed Extended Detection and Response (XDR) service, on subscription, can give SMBs their own ‘shared economy’ cybersecurity model. This means enterprise-grade skills and protection at a fraction of the cost. Using artificial intelligence (AI) cybersecurity tools as a force multiplier, XDR gathers enriched threat intelligence across the entire attack surface, contextualised to improve human and automated response actions.
For example, a cybersecurity analyst will lose valuable time completing mundane tasks like sifting through alerts, whereas a managed Extended Detection and Response (XDR) service provides a team of experienced technical experts and automated 24/7 threat monitoring.
This greatly eases the stress levels and burden on management and internal staff, giving them time back to focus on other important tasks, knowing cybersecurity is taken care of.
Given the volatility of the threat landscape, tools and support that take the pressure off stretched security teams are vital. A prevention-first model, leveraging AI and shared services like XDR, will not only protect data and endpoints, but will help SMBs save time and money.
This is also helped by Australian government tax incentives available to small businesses for digital software investment and skills and training. By creating these new efficiencies, management may then have some breathing room to train and upskill existing staff, reduce stress and improve the workplace culture. Happy staff, happy customers!