How Small Businesses Get Hacked – What Hackers Don’t Want You to Know

Many owners of small-to-medium-sized businesses (SMBs) believe that they aren’t important or large enough to be targeted by hackers. Unfortunately, we have found at Kivu Consulting that’s not the case. Smaller companies in general have fewer resources to spend on defending their networks, yet they have substantial assets that hackers can take. As larger organizations adopt better cyber defenses, many hackers specifically pursue SMBs as easier targets.

Hacking is becoming an increasingly serious threat to every type of company. Computer virus source code is readily available on the Internet, sometimes for free, making it easier for professional cybercriminals and “wannabe” hackers alike to create new malware. Kivu recommends that all businesses have an Incident Response Plan in place, outlining the steps they’ll follow if a breach is suspected. With an Incident Response Plan, the SMB will be prepared to mitigate the damage and stop a bad event from turning into a business-destroying disaster.

Here’s how a small business can get hacked and what hackers don’t want you to know:

#1. Anti-virus programs are generally ineffective

Malware is relatively easy to develop, and new malware is disseminated every minute, at an estimated rate of 80,000 instances per day. Often malware is targeted against a particular business or business sector, making it harder to discover because it is designed to avoid detection in specific environments. When malware is targeted against a particular victim, it will almost certainly get through.

Most anti-virus programs use the principle of “signature recognition”. A piece of code is recognized as a virus, the anti-virus company develops a remedy and a software update is disseminated to consumers. This process can take weeks, while malware today is often designed to last just minutes or seconds. According to a 2013 study by FireEye, 82% of malware disappears after just one hour and 70% of malware is designed for a single use. A 2014 three-month study by Redsocks Malware Research Labs found that 30% of malware in circulation was not detected or caught by common anti-virus products.

What can business owners do?

  • Limit the data that employees and systems have access to
  • Lock every system down and make software uploads the exclusive role of the IT department
  • Get data offline to reduce the risk of it being stolen

#2. Firewalls face the wrong way

Hackers have developed tools to bypass firewalls, such as reverse shells, that can create an encrypted tunnel directly through a firewall. They can then have full, undetected access to a network, as if they were sitting at an employee’s workstation. Since firewalls are often set up to monitor only incoming traffic, they won’t see these outward illicit communications or catch valuable data being stolen.

What can business owners do?

  • Make full use of current network defenses, such as firewalls with built-in Intrusion Detection Systems
  • Ensure that their firewalls are set up to detect suspicious outgoing traffic as well as incoming traffic
  • Maintain logs (going back at least one month) of all outgoing, incoming and internal traffic
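
One way to act on the outgoing-traffic and logging advice above, shown as an added example that is not part of the original article: a short Python review of firewall flow logs that flags internal-to-external connections on unexpected ports, unusually long sessions and large uploads. The log layout, sample rows, allowlist and thresholds are all assumptions made for this example.

```python
import csv
import io
import ipaddress

# Constructed sample flow log (not from the article); the column layout is assumed.
SAMPLE_LOG = """\
time,src,dst,dst_port,bytes_out,duration_s
2024-05-01T09:00:02,10.0.0.15,192.0.2.10,443,18230,12
2024-05-01T09:03:40,10.0.0.22,203.0.113.50,4444,912,21600
2024-05-01T09:05:11,10.0.0.15,10.0.0.5,445,50211,30
2024-05-01T02:14:55,10.0.0.31,198.51.100.7,443,734003200,5400
2024-05-01T09:07:19,198.51.100.9,10.0.0.5,443,1200,3
"""

ALLOWED_EGRESS_PORTS = {53, 80, 123, 443}  # assumed policy: ports workstations need
MAX_DURATION_S = 4 * 3600                  # assumed: longer sessions are unusual
MAX_BYTES_OUT = 500 * 1024 * 1024          # assumed: uploads above 500 MiB need review
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(addr):
    """True if addr falls inside one of the private (internal) ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def review_egress(log_text):
    """Return (src, dst, port, reasons) for each outbound flow worth a look."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        # Only internal -> external flows are egress; skip inbound and internal traffic.
        if not is_internal(row["src"]) or is_internal(row["dst"]):
            continue
        port = int(row["dst_port"])
        reasons = []
        if port not in ALLOWED_EGRESS_PORTS:
            reasons.append("port not in egress allowlist")
        if int(row["duration_s"]) > MAX_DURATION_S:
            reasons.append("long-lived session")
        if int(row["bytes_out"]) > MAX_BYTES_OUT:
            reasons.append("large outbound transfer")
        if reasons:
            findings.append((row["src"], row["dst"], port, reasons))
    return findings

if __name__ == "__main__":
    for src, dst, port, reasons in review_egress(SAMPLE_LOG):
        print(f"{src} -> {dst}:{port}  {', '.join(reasons)}")
```

A review like this only works if the firewall records outgoing flows in the first place and the logs are kept long enough to look back over.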

#3. The small business itself is the weakest link in the Cloud

More and more SMBs are transferring part or all of their IT infrastructure and data to the Cloud, including email, file storage and applications. Cloud-based solutions inevitably have better security than an SMB’s internal systems, but that security disappears if a hacker can pretend to be someone from within the SMB’s organization. When an intrusion occurs, it is often more difficult to identify and monitor the extent of the damage with Cloud computing, since security safeguards are no longer the role of the internal IT department.

What should SMBs do?

  • Limit the likelihood of a hacker accessing a Cloud-based account by implementing a multi-factor authentication process for every user
  • Ensure that the Cloud service provider creates useful logs for traffic monitoring and auditing

#4. Advising employees not to open emails from “strangers” isn’t enough

Hackers can easily use social media like LinkedIn, Facebook and company websites to identify specific targets within an organization and then develop an email that looks as if it is coming from a trusted colleague. A 2013 report by Symantec found a 91% increase in this type of “spear phishing” over previous years. Once a hacker compromises one email account, a virus can be spread from employee to employee, until the hacker has access to an SMB’s finances or its most valuable customer data.

What should SMBs do?

  • Train employees to be cautious about what they publicly post online so that they are less of a target to hackers
  • If there’s the slightest doubt about an attachment or link to an online document site, encourage employees to pick up the phone and call the sender

#5. Encrypting only your company’s portable devices isn’t enough

The hard drive of a desktop computer can be worth thousands of dollars to hackers and can be removed in less than a minute. Even when a computer hard drive is encrypted, some forms of encryption take effect only when the computer is powered down and may be ineffective when the device is placed in “sleep” or “power saving” mode.

What should SMBs do?

  • Continue to encrypt all portable devices and select devices with built-in layers of safety
  • Encrypt all computer hard drives, or ensure that no sensitive data can be stored on them
  • Teach employees not to place their laptops in sleep mode while unattended, or when they take a laptop off-site
