7 Main Threats that Target Companies
Security for Everyone
Do you think cyber attackers only target large companies? Sorry, but you're wrong. Small businesses face cyber threats just as large companies do. One common mistake small companies make is believing that they are not worth attacking or that they will not lose much when an attack occurs. Nowadays, attackers use automated tools to gain access to systems. They do not need to focus on your company; they attack hundreds of companies in a short amount of time. Since small companies are less aware of threats, their defenses are weak. Compared to big companies, small ones are easier targets.
Small companies may manage a huge amount of money, work for bigger companies, or have access to private information. For these reasons, they may lose as much as big companies. Additionally, they will lose their reputation.
One study showed that companies with fewer than 500 employees lost approximately 2.5 million dollars. Therefore, small or mid-level companies have to know the cyber threats and how to stop them. In this article, we will look at 7 main threats and how to protect against them.
1. Phishing Attacks
The most commonly encountered threat is phishing. 90% of attacks are phishing attacks, and the number is still increasing. The cost of these attacks has exceeded 12 billion dollars. The attackers pose as a trusted person or company and generally try to convince you to click links or download files so that they can access valuable information.
These attacks use many different tricks to convince the victims. It does not have to be just email; it can also be a phone call. It can even be a real person who tries to obtain your access to sensitive information.
What makes this attack so harmful is that it is very hard to prevent. It is more than a technical problem, since it exploits human vulnerabilities.
We may not be able to completely eradicate this threat, but we can defuse it. Common protection methods are shared below:
- Raising awareness: Training employees against these attacks and showing them examples cuts the likelihood of a successful attack in half.
- Email firewall: Helps detect emails that carry malware and removes them before they reach the victim.
- Endpoint detection and response (EDR) or antivirus: Let's say it was a bad moment and you clicked on the fake link sent by the attacker. In this case, an additional layer of security on your system can compensate for the mistake.
2. Vulnerable Websites
The number of hackers targeting websites every month is growing. Every month, dozens of vulnerabilities are found in popular plugins that developers use on their sites.
So why are websites attacked at such a high rate when there are so many other things to attack? The answer comes from the basic logic of the Internet: it allows even people at opposite ends of the world to communicate with each other for social, business, and entertainment purposes.
However, some malicious hackers use this reach as a tool for their malicious activities. That's why all sites, including yours, are among the targets. Hackers target the weakest and most vulnerable websites, and their purposes may include the following:
- Stealing customers' information: Hackers can inject malicious code into your website and steal critical information from all users who visit your site.
- Malware distribution: Another way attackers earn money from websites is by using them to spread malicious software. When your visitors or customers visit your site, malicious software is installed on their devices. This will cause your site to be blacklisted by security software and search engines.
- Damage: In some cases, hackers want to damage your website or spread their political messages through it. In this case, your site will be destroyed, and your information will be deleted.
These three reasons are just a few of the motives hackers have for attacking websites.
3. Malware
One of the most dangerous threats that small companies face is malware. An attacker may use malware to get into the network, steal data, damage the system, use hardware resources, etc. The most common ways to get infected by malware are visiting harmful websites, opening email attachments, or being on the same network as an infected computer.
This attack is especially painful for small or mid-level companies because any damage causes enormous costs. The size of the cost depends on the attackers' actions.
Luckily, there are some protection methods, such as EDR, antivirus, updates, awareness training, and firewalls.
4. Ransomware
Ransomware is one of the most common attacks, and thousands of companies face it every month. It is a kind of malware, but it is so common that we wanted to examine it under a separate heading.
Generally, attackers use social engineering to infect your system with ransomware. Then, the malware encrypts all the data on the system. Attackers ask for money to decrypt the data. Lots of companies agree to pay because there is no method to recover data encrypted by the latest ransomware.
According to the Internet Crime Report published in 2019 by the FBI, these attacks caused 8.9 billion dollars in costs, and 71 percent of targets are small and mid-level businesses. The reason small companies are targeted is that attackers know that lots of small companies don't do anything about cybersecurity.
Host-based security software such as EDR, antivirus, and antimalware solutions can be used to prevent this attack. Moreover, some host-based security software provides specialized protection mechanisms against ransomware. It is also very important to update systems regularly and pay attention to security patches.
Finally, don't forget to take backups. This protects you not only against ransomware attacks but also against other cybersecurity-related risks.
5. Weak Passwords
One of the biggest threats for companies is weak passwords. Using a simple password is like leaving the door open for attackers. Due to a lack of experience, small companies do not pay attention to their employees' passwords. A recent report shows that 65% of people use the same password for multiple platforms, 73% of them use easy-to-guess passwords, and 42.1% of them use their name in their passwords. Cybersecurity awareness training is a must so that employees use strong passwords. Moreover, for critical areas, two-factor authentication should be applied. With this method, the attacker cannot access the system even if he knows the password.
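The two habits the report highlights, easy-to-guess passwords and passwords built from the user's own name, can be rejected when a password is set. The following is an added example, not part of the original article; the function names, the substitution table, the 12-character minimum and the sample password list are assumptions.

```python
import re

# Constructed sample; a real deployment would load a large breached-password list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "welcome1"}

# Undo common character substitutions before comparing ("J0hn" -> "john").
# "1", "!" and "l" are all folded to "i" because "1" can stand for either letter.
FOLD = str.maketrans({"0": "o", "3": "e", "4": "a", "@": "a", "5": "s",
                      "$": "s", "7": "t", "1": "i", "!": "i", "l": "i"})

def fold(text):
    return text.lower().translate(FOLD)

def name_tokens(full_name, email):
    """Folded name parts (3+ letters) from the display name and email local part."""
    local_part = email.split("@", 1)[0]
    parts = re.split(r"[^a-z]+", f"{full_name} {local_part}".lower())
    return {fold(p) for p in parts if len(p) >= 3}

def password_problems(password, full_name, email, min_length=12):
    """Return the reasons to reject a password; an empty list means accept."""
    problems = []
    if len(password) < min_length:  # assumed minimum, not from the article
        problems.append("too short")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("easy to guess")
    folded = fold(password)
    if any(token in folded for token in name_tokens(full_name, email)):
        problems.append("contains own name")
    return problems
```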
6. Patch Management
The purpose of installing patches (for the part that interests us) is to eliminate vulnerabilities. Vendors publish patches regularly, but most companies do not apply updates in time. Attackers exploit those vulnerabilities on outdated systems with automated tools. There are more than 100,000 automated attacks every day. A report published in 2018 shows that 37 percent of companies do not check their vulnerabilities, and 80 percent of companies with security breaches could have prevented the attacks if they had patched their systems on time.
Some of the things you should do:
- Give priority to patch management and check it regularly
- Automate patching
- Check if there are new vulnerabilities after the patching
7. Insider Threats
These threats generally come from angry and/or former employees. Such attackers have the potential to access all the systems since they have prior knowledge. They can use critical information for blackmail, delete data, sell private information on the market, break the system, and do many other things. Insider threats increased 47 percent over the last two years and are still growing. Studies show 64 percent of employees have access to a system that they do not need to access.
Access rules in the company should be managed well. Every employee should be able to access data if and only if he/she needs it. Also, do not forget to remove former employees' access and change all necessary passwords after an employee quits.
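The access rules above can be checked periodically by comparing an account export with the HR roster. This is an added example, not part of the original article; all names, systems, dates and the role-to-systems map are constructed sample data.

```python
from datetime import date

# Constructed sample data: HR roster, account export, role needs, shared credentials.
REVIEW_DATE = date(2024, 6, 1)
ROSTER = {
    "alice": {"role": "accounting", "left_on": None},
    "bob": {"role": "support", "left_on": date(2024, 3, 1)},
    "carol": {"role": "support", "left_on": None},
}
ACCOUNTS = [
    {"user": "alice", "system": "erp", "enabled": True},
    {"user": "alice", "system": "crm", "enabled": True},
    {"user": "bob", "system": "crm", "enabled": True},
    {"user": "bob", "system": "vpn", "enabled": False},
    {"user": "carol", "system": "crm", "enabled": True},
    {"user": "dave", "system": "vpn", "enabled": True},
]
ROLE_NEEDS = {"accounting": {"erp"}, "support": {"crm", "vpn"}}
SHARED_SECRETS = [
    {"name": "wifi-psk", "known_by": {"bob", "carol"}, "rotated_on": date(2024, 1, 10)},
    {"name": "social-media", "known_by": {"alice"}, "rotated_on": date(2023, 6, 1)},
]

def has_left(person, today):
    return person["left_on"] is not None and person["left_on"] <= today

def review_access(roster, accounts, role_needs, today):
    """Flag enabled accounts that are orphaned, stale, or beyond the role's needs."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue
        person = roster.get(acct["user"])
        if person is None:
            reason = "no matching employee"
        elif has_left(person, today):
            reason = "employee has left"
        elif acct["system"] not in role_needs.get(person["role"], set()):
            reason = "not needed for role"
        else:
            continue
        findings.append((acct["user"], acct["system"], reason))
    return findings

def secrets_to_rotate(roster, secrets, today):
    """Shared passwords last changed before someone who knew them left."""
    return [s["name"] for s in secrets
            if any(u in roster and has_left(roster[u], today)
                   and roster[u]["left_on"] >= s["rotated_on"] for u in s["known_by"])]
```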
Small companies face a variety of threats. The best way to prevent these threats is to use security tools and inform employees about the threats. You can use our free online security tools if you want. We have free security tools in our S4E:Equality product. Use them as you wish :)