Key vulnerabilities: devices and people

Greg Mosher 22 Mar 2018

Cybercrime goes after these two primary attack surfaces of SMBs - Devices & People. These key vulnerabilities are critical in keeping your business secure.

You’ve probably heard countless terms relating to cybersecurity, but here we are going to focus on just one: attack surface. An “attack surface” is simply the number of possible ways an attacker can get into a device or network and extract data. It’s an especially important measurement for SMBs because most think they are too small to be a target, but a quick look at their attack surface shows that it is in fact quite large, increasing their exposure to risk.

To provide the proper protection for SMBs, it is important to align your security services with these two primary attack surfaces: devices and people.

Devices

The number of devices SMBs use is growing, which is resulting in more gateways for cybercriminals to carry out attacks. Predictions are that by 2025, businesses will account for 13.3 billion devices connected to the internet, ranging from laptops and phones to internet of things (IoT). This inevitably means that the use of vulnerable operating systems and applications will increase as well.

The #1 threat to devices: hybrid ransomware attacks

A ransomware attack on its own is bad enough. It allows hackers to take control of a device, after which they demand a ransom for you to get control back again. Nowadays ransomware is also spread in a hybrid form. By combining ransomware with the capabilities of a worm, it is capable of setting up the victim for multiple blackmail attempts, both for decrypting the data and threats to release said data.

Signs that you may be infected with ransomware or other hacking activity include:

  • Sudden increases in disk activity and CDP (continuous data protection) system activity
  • Discovering the installation of unauthorized software
  • Unsuccessful attempts to enter infrastructure apps or network shares
  • The response times of your system suddenly become sluggish
  • Finding new user accounts (particularly privileged accounts)
  • Sudden glitches in systems including backup and security
  • Port scanning like PINGs coming from within your own network 

If you experience any of these symptoms, there is a very good chance that your system has already been compromised. Once a hacker has infected your system with malware, the malicious code is executed and either runs autonomously or directed by the hacker. From there, the hacker encrypts valuable data as quickly as possible and contacts the user with a ransom demand while their code self-deletes, except for payment instructions. However, even, if the ransom is paid and the hacker releases their hold on your system by providing a key to their encryption, they have almost certainly left some lingering malware for further extortion down the line. 

People

Cyberattacks are becoming more sophisticated every day and are mostly targeted at employees because they are the weakest link in the digital security chain. In fact, 37% of security breaches can be attributed to human error. Password policies and other safeguards designed to protect people, such as multi-factor authentication, are not standard practices within most SMB organizations.

The #1 threat to people: targeted social engineering

An increasing number of businesses have to deal with advanced social engineering tactics that trick employees into handing over confidential company data. The cybercriminal often contacts employees via email, pretending to be a credible organization such as FedEx, a bank, or even a colleague.

Combine this with the increasing trend for companies towards BYOD (bring your own device) and a lack of personal interactions, cybercriminals target people with access to important data to manipulate them. Rather than stealing a password or electronically breaking in, this insidious technique uses the victim’s own psychology against them to make them give up information or even commit crimes themselves.

Such techniques include: 

  • Tailgating - Someone without proper credentials to a physical location gaining access by following closely behind an employee, striking up a conversation, posing as a delivery person, or asking them to hold the door.
  • Quid Pro Quo - As the name implies, this technique relies on people believing in a promised reward in exchange for valuable information, such as fake Social Security calls to “verify” your number.
  • Baiting – Relying on the curiosity of human nature by providing the victim with physical media like thumb drives and CDs to use, or directly gaining user login credentials through offers for free goods and services.
  • Pretexting – Posing as someone who the individual trusts and using a pretext that is believable, such as notifications of unusual bank transfers, someone performing an external audit, or HR calling to confirm certain details already on record.

Essential components for MSPs

It’s the perfect time for managed security services to save the day, providing that strong, cost-effective cybersecurity protection SMBs now require. The most successful MSPs will know the best way to protect every attack surface, as well as the reasons why SMBs are such attractive targets for cyberattacks.

Download our white paper to learn more about the three essential components MSPs need to deliver to effectively defend SMBs in today’s digital world.

Updated on April 22, 2022 with new updates and information

--> -->