Small to midsize businesses (SMBs) may be finally realizing the extent to which cybercrimes can affect them, but do they realize just how intently hackers are targeting them? A report by Check Point Software says that SMBs have become “the cybercriminal’s ‘sweet spot,” due to a lower level of IT security but still a decent level of valuable information that can be utilized to make money.
The Check Point report says that appropriately 63 percent of SMBs are worried about malware, and 38 percent are worried about possible phishing scams, but 31 percent aren’t doing anything to protect against such threats. This report also cites statistics from the CyberSecurity Alliance that say 36 percent of cyberattacks target small businesses and of those businesses that are attacked, 60 percent will be forced to close within six months following—likely due to the fact that the average cost for a data breach at an SMB is $36, 000.
One particular way hackers have mounted recent attacks on SMBs is with the Golroted Trojan, which SPAMFighter says has been attacking since fall of 2014. According to the article, the cybercriminals involved have hatched bulk email scams that contain spear phishing files:
On viewing one of these malevolent attached files, the keylogger garners critical data from the system followed with transmitting the same onto its designated server. This done via dispatching the data onto the server through e-mail attachments alternatively via posting it onto certain FTP server.
Filched details from victims' PCs consist of end-user's bank details, captured screenshots, login names as well as passwords in addition to the contaminated PC's details.
This is but one example of the thousands of types of malware and scams that exist on the Internet, and it doesn’t even begin to touch all of the other vulnerabilities that systems and networks can have and not know about. Obviously, hackers have many options for breaching business networks.
With the number of these breaches and attacks on SMBs growing, ISACA (formerly known as the Information Systems Audit and Control Association) announced that it is offering two documents to assist SMBs in measuring the IT security requirements for their business and then developing a solid strategy to bring it all together. Small Business Computing reports that the guides can be purchased from the ISACA website for $35 each (for ISACA members; $60 for non-members). The documents are:
- “Cybersecurity Guidance for Small and Medium-sized Enterprises”
- “Implementing Cybersecurity Guidance for Small and Medium-sized Enterprises”
Both guides claim to offer advice on cybersecurity practices that SMBs will find to be reasonably actionable and affordable.