As a mid-size business, you might think that attackers have little to no interest in your organization’s data. Malicious actors often deploy widespread attacks against a vulnerability or an industry rather than against a specific organization. Since many malicious actors are financially motivated, they want to collect as much money with as little effort as possible. Further, the dark web has become an online market for selling attack kits. As the sellers of those kits adopt subscription and customer-service business models, even less sophisticated attackers can deploy attacks, making it even more difficult for organizations with limited IT and security resources.
Research from the Identity Theft Center (IDC) 2023 Business Impact Report found that:
- 20% of small businesses experienced a data breach
- 29% of small businesses experienced a security breach
- 24% of small businesses experienced both
- 30% of attacks were caused by external attackers
By understanding the types of cyberattacks that can impact your organization, you can implement best practices to mitigate risk and protect data.
Why do malicious actors target small and mid-size businesses?
Malicious actors may not specifically target small and mid-size businesses (SMBs), but these companies often use the same technologies as their enterprise-level counterparts. Threat actors focus on the security weaknesses that will give them as much unauthorized access to systems, networks, and data as possible, including:
- Stolen or leaked credentials, like usernames and passwords
- Common vulnerabilities and exposures (CVEs), like software, application, and operating system technical issues
- Misconfigurations, like default passwords on applications or unnecessary application functionalities that interact with the public internet
When attackers scan the internet to look for and target vulnerabilities, they can compromise more organizations, with an SMB just one of many companies impacted. For example, in 2024, Microsoft published CVE-2024-26231, a vulnerability in Windows DNS Server that an attacker with the privileges to query the Domain Name System (DNS) could exploit to remotely execute code on the server. Any organization, large or small, whose digital infrastructure includes this server would be at risk.
While attackers may not be targeting the SMB market, these organizations are more likely to have fewer cybersecurity resources, like a smaller security team or a less sophisticated cybersecurity technology stack. Without these resources, a widespread attack has an outsized impact on this market segment.
What is the impact of a cyber attack on an SMB?
A cyber attack has a widespread impact on a company’s operations, which creates various hardships.
When trying to balance the costs and benefits of security, you should consider the following negative impacts a cyber attack can have:
- Financial: Response, recovery, and notification costs, with the IDC noting that 26% of attacks cost $250,000-$500,000
- Legal: Defense costs and lawsuits from theft of personally identifiable information (PII)
- Compliance: Fines and penalties for violations related to the attack
- Customer trust: reduced revenue from customers turning to competitors after an attack
- Business interruption: customer and workforce service outages from cloud infrastructure disruptions
What are the most common cybersecurity attack types affecting SMBs?
Knowing the most common attack types is half the battle for most SMBs. With insight into likely threats, you can add security controls and start to mitigate as much risk as possible.
Ransomware.
Ransomware is a type of malware that encrypts files on a victim’s system, holding the organization and its systems hostage by denying legitimate users access to their data and operations. Additionally, many ransomware attacks include extortion, where malicious actors steal sensitive data and threaten to post it on the dark web. If the organization pays the requested ransom, the attackers promise to return the data and provide the decryption key to unlock systems.
Denial of Service (DoS)/Distributed Denial of Service (DDoS).
DoS and DDoS attacks take a similar approach to the same outcome. They flood a server, service, or network with so many requests that the targeted technology is unable to respond, disrupting services. Although many people use the two terms interchangeably, their differences are nuanced:
- DoS: single device using a single connection
- DDoS: multiple devices across multiple connections, typically using a botnet
Typosquatting Attack.
Typosquatting is an attack in which cybercriminals register a domain that looks like a legitimate domain but serves malware or captures login credentials. A homograph attack is a type of typosquatting attack where malicious actors use visually similar characters from different scripts or fonts to create a look-alike but distinct domain. For example, cybercriminals often replace a Latin letter or a digit with its Cyrillic counterpart; the two look the same to a user, but DNS resolves them as different names. With this spoofed website, malicious actors can deploy malware or steal credentials by pretending to be the legitimate site.
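As an added illustration that is not part of the original post, the following Python uses only the standard library to decode the punycode (xn--) form that a look-alike domain takes in DNS logs and to flag labels whose letters come from more than one script, which is the classic Latin/Cyrillic homograph pattern. The sample domains are constructed; the second one spells "paypal" with a Cyrillic a (U+0430).

```python
import unicodedata

# Constructed samples: a genuine name, the same name with a Cyrillic "а" (U+0430),
# and the punycode form that the Cyrillic version actually has on the wire.
SAMPLE_DOMAINS = ["paypal.com", "p\u0430ypal.com", "xn--pypal-4ve.com"]


def to_unicode(domain: str) -> str:
    """Decode xn-- labels back to the Unicode form a user sees in the address bar.

    Python's built-in idna codec implements IDNA 2003, which is sufficient for
    turning punycode from a resolver log back into something a human can inspect.
    """
    if domain.isascii():
        return domain.encode("ascii").decode("idna")
    return domain


def letter_scripts(label: str) -> set:
    """Collect the script of every letter in a label from its Unicode character name
    (e.g. 'LATIN SMALL LETTER P' -> 'LATIN', 'CYRILLIC SMALL LETTER A' -> 'CYRILLIC')."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}


def analyze_domain(domain: str) -> dict:
    """Normalise a domain and report its Unicode form, its punycode form, and
    whether any single label mixes letters from more than one script."""
    name = domain.lower().rstrip(".")
    unicode_form = to_unicode(name)
    scripts = [letter_scripts(label) for label in unicode_form.split(".")]
    return {
        "unicode": unicode_form,
        "punycode": unicode_form.encode("idna").decode("ascii"),
        "scripts": scripts,
        # One label drawing letters from two scripts is the homograph signature.
        "mixed_script": any(len(s) > 1 for s in scripts),
    }


def flagged_domains(domains: list) -> list:
    """Return (as-seen, unicode, punycode) for every domain that mixes scripts."""
    return [(d, analyze_domain(d)["unicode"], analyze_domain(d)["punycode"])
            for d in domains if analyze_domain(d)["mixed_script"]]


if __name__ == "__main__":
    for hit in flagged_domains(SAMPLE_DOMAINS):
        print("possible homograph:", hit)
```

A pure-Cyrillic label that merely looks Latin (every letter swapped) passes this mixed-script check, so treat it as one signal alongside blocklists and brand-name similarity checks.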
Mobile Device Malware.
As workforce members increasingly use their own devices, mobile device malware becomes a greater security threat. Mobile device malware comes in various forms, each designed to exploit vulnerabilities in apps and operating systems. Devices are typically infected when users download malicious attachments or apps or click on malicious links.
Phishing.
Phishing is a social engineering attack where cybercriminals craft a convincing email, text, or social media message that appears to be from a trusted source. They create a sense of urgency to manipulate users into clicking a malicious link or downloading a malicious file. Phishing attacks are often the first step taken in a larger attack type. For example, attackers may use phishing emails to trick users into visiting a malicious website that delivers ransomware to the person’s device.
Business Email Compromise.
Business Email Compromise (BEC) is a targeted phishing scam where attackers impersonate a legitimate business partner or employee, hoping to trick people into acting against their own and the company’s best interests. Cybercriminals send fake emails posing as trusted figures, like the CEO or the IT department, asking users to take actions like sending money or sharing a password.
4 ways SMBs can mitigate cyberattack risks.
No single security technology can protect you from cyberattacks. For an integrated approach, you need a layered defense that includes everything from user education to protective DNS.
1. Enforce Acceptable Use Policies.
Acceptable Use Policies (AUPs) define the actions users can take when working on corporate IT assets. Some key components include restricting:
- Access to public websites, like limiting users’ ability to access social media websites
- Installation of applications, like preventing users from downloading software from unknown websites
By restricting user access, you reduce the risks associated with social media phishing scams or downloading malicious software that appears legitimate. One way to enforce your AUP is to block access to categories of websites like:
- Gaming
- Social
- Sports
- Dating
2. Block Access to Malicious Websites.
Users often click on malicious links without realizing the risk. To prevent attackers from successfully tricking users into visiting malicious sites, you can create blocklists that prevent them from accessing:
- Known risky domains, Fully Qualified Domain Names (FQDN), IP addresses, CIDRs, nameservers, and registrars
- Categories of risky sites associated with anonymous proxies (Tor), bots/C2, hacking/Warez/P2P, malware, ransomware, and phishing
Using protective DNS and web filtering solutions to identify and restrict access mitigates phishing risks and can help reduce the likelihood of an initial endpoint compromise and the spread of an attack inside your IT systems.
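As an added example that is not part of the original post, the following Python evaluates a small policy of the kinds listed above (blocked domains with their subdomains, single IP addresses, and CIDR ranges) against constructed resolver log lines of the form "time client query answer". The policy values and log lines are hypothetical; the domain check matches whole labels so that a name like notevil.example is not caught by an entry for evil.example.

```python
import ipaddress
from typing import Optional

# Constructed policy: hypothetical indicators in the three shapes the section lists.
POLICY = {
    "domains": ["evil.example", "login-update.example"],
    "ips": ["198.51.100.7"],
    "cidrs": ["203.0.113.0/24"],
}

# Constructed resolver log: "<time> <client> <query name> <answer address>"
LOG_LINES = """\
12:00:01 10.0.0.5 www.evil.example. 203.0.113.10
12:00:02 10.0.0.7 notevil.example. 192.0.2.20
12:00:03 10.0.0.9 update.cdn.example. 198.51.100.7
12:00:04 10.0.0.5 www.partner.example. 192.0.2.55
"""


def domain_blocked(qname: str, blocked: list) -> Optional[str]:
    """Return the matching blocklist entry when qname equals it or is a subdomain of it.
    Matching is done label by label, not with a string suffix test."""
    labels = qname.lower().rstrip(".").split(".")
    for entry in blocked:
        entry_labels = entry.lower().rstrip(".").split(".")
        if labels[-len(entry_labels):] == entry_labels:
            return entry
    return None


def address_blocked(answer: str, policy: dict) -> Optional[str]:
    """Return the IP or CIDR entry that covers the answer address, if any."""
    try:
        addr = ipaddress.ip_address(answer)
    except ValueError:  # not an address (e.g. NXDOMAIN placeholder), nothing to check
        return None
    if any(addr == ipaddress.ip_address(ip) for ip in policy["ips"]):
        return str(addr)
    for cidr in policy["cidrs"]:
        if addr in ipaddress.ip_network(cidr):
            return cidr
    return None


def evaluate_log(log: str, policy: dict) -> list:
    """Return (client, query name, matched entry) for every log line the policy would block."""
    hits = []
    for line in log.splitlines():
        _time, client, qname, answer = line.split()
        reason = domain_blocked(qname, policy["domains"]) or address_blocked(answer, policy)
        if reason:
            hits.append((client, qname.rstrip("."), reason))
    return hits
```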
3. Use Backup DNS.
Your Domain Name System (DNS) server translates human-readable domain names into machine-readable IP addresses, ensuring that people can reach your digital services. When attackers engage in DoS/DDoS attacks, they often target the DNS server to shut down connectivity.
To mitigate the impact a service outage causes, you should use backup DNS for redundancy and performance. Some considerations when choosing a provider include:
- Speed
- Auto failover capabilities
- Regions available
4. Implement DDoS and Bot Protection.
To further mitigate DoS/DDoS risks, you should implement hardware and software solutions that monitor and analyze traffic patterns. A DDoS threat mitigation solution can identify suspicious network and application flood traffic and reduce attackers’ ability to successfully conduct a bot attack against your websites and Application Programming Interfaces (APIs).
These technologies mitigate risks by:
- Redirecting traffic automatically
- Providing analysis and mitigation triggers
- Identifying attacks that target API vulnerabilities
Vercara: Mitigating the risk of different types of cybersecurity threats with UltraSecure.
Vercara’s UltraSecure enables mid-size organizations to achieve enterprise-level security by creating a bundle of our services at a cost-effective price point. With UltraSecure, mid-size companies can augment their cybersecurity resources with purpose-built, best-in-class solutions bolstered by Vercara’s hands-on support and expertise.
UltraSecure includes everything you need to keep your web entities online and protected. Its award-winning service makes onboarding and management easy, and it is backed by our DNS, DDoS, and application security experts at a price point that will meet your budgetary requirements.