We often come across news headlines where large organizations are targeted by cybercriminals, however, Small and Medium-Sized Businesses (SMBs) are not exempt from the ire of threat actors either. Recently, startups have been the latest targets of hackers, where the latter is leaking stolen databases on hacker forums for free.
Why so vulnerable?
Several startups and SMB owners might feel up a gum tree when it comes to cyber risk evaluation.
Nearly 50% of owners do not provide their workforce with any training related to cybersecurity.
Many SMBs and startups do not realize that they are under the risk of cyberattacks, since they do not have the appropriate resources to keep up with the evolving threat landscape.
Moreover, many spend on pirated or cracked software to cut down on costs.
Challenges faced
Data breaches - this is one of the fastest-growing cybercrimes. This week, the stolen databases of 18 websites were put for sale on a hacker forum for free. All the databases belonged to startups.
Extortion - the most common form of extortion is ransomware; SMBs constitute 71% of ransomware victims. Another form of extortion is Denial of Service (DoS) attacks. In the later part of March, the servers of German food delivery startup Liefrando were hit and the attackers demanded a ransom of 2 BTC.
Phishing - phishing is one of the biggest threats to small businesses. Criminals attack small businesses through web applications, constituting around 70% of breaches.
Stay safe, but how?
The first step would be to sensitize the workforce about cybersecurity practices and identifying and responding to threats. In addition to this, dealing with spear-phishing emails should be emphasized.
SMBs and startups are recommended to implement strong Identity and Access Management (IAM) systems to prevent unauthorized data leaks.
Continuous vulnerability management should be conducted to remediate code-based vulnerabilities. A more proactive intel-based approach can also help thwart threats at an early stage.
Other recommendations include boundary protection, data protection, limitation and control of network ports, protocols, and services, and account monitoring.
The bottom line
Cybersecurity is not an isolated phenomenon that only concerns large organizations; the size of an organization does not matter in today's cyberspace. No company is entirely safe from cyber attacks. However, the extent of damage can be minimized by the cybersecurity alacrity of an organization. Hence, SMBs and startups should consider cybersecurity as an integral part of their system design. The incorporation of proper security measures will aid these enterprises stay proactive and ahead in the threat landscape.