Midsize Businesses Prove Easy Attack Targets

  /     /     /  
Publicated : 22/11/2024   Category : security


Midsize Businesses Prove Easy Attack Targets


Basic security practices could protect small- to midsized businesses from cybercriminals looking for low-risk, high-reward targets.



The greatest security threats arent necessarily the most complex. Basic attacks pose the greatest risk to small- and midsized businesses (SMBs) as attackers realize they dont need advanced methods to exploit victims.
This is one of the findings in the 2016 Midmarket Threat Summary Report from the eSentire Security Operations Center (SOC), which detected nearly 5 million attacks across multiple industries. It found SMBs are often victims of cybercriminals seeking low-risk, high-reward targets.
What were seeing from the data, the majority of attacks are not sophisticated, says Viktors Engelbrehts, director of threat intelligence at eSentire. They are really basic, and [attackers] are using basic tools as a means to achieve objectives.
The most frequent threat categories were intrusion attempts, information gathering, and policy violations, which collectively represented 63% of all observed attacks. Intrusions, primarily web attacks, marked the top threat category at nearly 30% of all events.
Its the most logical entry point apart from users, says Engelbrehts of web intrusions, where attackers have recognized the benefit of a larger attack surface. Its always easy because you have millions of web applications with poor security controls.
Cybercriminals dont need to use sophisticated malicious code attacks when methods like ransomware can successfully exploit low-hanging fruit and web applications are written without security in mind. Only 12% of detected attacks involved malicious code, indicating a growing preference for inexpensive and automated strategies.
Interestingly, this
research
discovered timing may also affect whether or not your organization is breached. Seasonal correlation was a surprise, admits Engelbrehts. Attacks rose between March and April, fell in June and July, and picked up again in September and October.
While he could not give a definitive reason for this, Engelbrehts noted there are several factors that could affect timing of attacks. Announcements about a breach, or the prosecution or indictment of cyberattackers, could influence activity.
Rudimentary attacks are expected to remain a threat so long as these techniques are effective. The problem is, cybercriminals know where theyre mostly likely to find success -- and their top targets dont know how to defend themselves.
Unfortunately, security is not generally a strong side, says Engelbrehts of SMBs. Traditional small businesses dont have resources, dont have personnel, dont have expertise.
Large corporations have been targeted, and many have been breached, for years and can afford the right security measures. Major banks may prove attractive targets but might also require attackers to procure a tremendous amount of resources to be successful.
Businesses that fail to implement basic security best practices will continue to be vulnerable.
Many organizations, driven by a combination of hype and fear, have tried to solve security problems by checking boxes in recent years, says Engelbrehts. This tactic provides temporary relief but doesnt work in the long term without a strong foundation.
The answer is in basic security hygiene, he explains. If youre using web servers and web applications, check to ensure youre running the latest version. Realize passwords are guessable and dont use weak or default credentials. Enable two-factor authentication where possible.
The majority of attacks could have been prevented by applying common best practices, he emphasizes. Thats the key message here.

Last News

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security

▸ Criminal Possession of Government-Grade Stealth Malware ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Midsize Businesses Prove Easy Attack Targets