Small businesses are the core of the country’s infrastructure, but their data is at the greatest risk. Here’s what SMBs can do to fend off cyberattacks.
Straight from the floor of the Black Hat 2017 conference in Las Vegas came an enlightening conversation between cybersecurity experts on the vulnerability of small- and medium-sized businesses (SMBs), in addition to some basic-but-important steps anyone can take to begin their road to improved security.
Sean Martin, the editor in chief, ITSPmagazine was joined by Rusty Sailors from LP3, Russell Mosley from Dynaxys, and Tom Caldwell from Webroot, and Martin kicked off the conversation with some frightening statistics — 43 percent of cyberattacks are now targeting SMBs, which are more likely than big enterprises to go out of business due to the downtime or maligned reputation.
[ Related: Taking On Next-Generation Cyberattacks With Streaming Analytics ]
“This space is a target, and it has dramatic results. SMBs is pretty much the core of the American infrastructure,” Martin said. “They operate a lot of what we do. … This space is really important to get right from a security perspective.”
Both calming and stoking the fear of cyberattacks
Simply put, modern-day hackers now use several automated tools to seek out their targets. Initially, they might have nothing more than a massive list of potential IP addresses to attack. When these automated tools go to work, they look for any exploitable vulnerability, which means that it doesn’t really matter how obscure you think your business is— an IP address levels the playing field. There’s no such thing as being too small a company for a hacker to bother with.
[ Related: Humans and Machines Must Unite to Battle Phishing Attacks ]
Sailors says, “I like to say that the hacker doesn’t care if you think you’re a target or not. You’re a target.”
So, if SMBs are innately a target, what are their weak spots?
Caldwell notes that the smallest SMBs, of 1 to 20 people, are most likely to try using consumer solutions instead of those intended for enterprise applications, particularly in the hardware department. Wireless routers, and networks in general, are a common weakness—instead of paying $500 or so for an enterprise-level router, Mosley says that many SMBs will buy a $150 consumer-grade version instead. Their justification? It’s lower in price and just works out of the box. The truth is that it simply can’t compare to the security and feature-set in an enterprise-level alternative.
[ Related: Can Blockchain Help Secure the Internet of Things? ]
Mosley also points out that many SMBs accidentally create large security gaps in how often they’re updating their software. Networking hardware, operating systems, and specific software tools all need to be patched regularly, but it’s expensive to hire consultants to come in every month to ensure that’s happening. If they wait for their vendor to come in and do it, they could go six months without receiving critical security patches. SMBs need to weigh the pros and cons of working with a managed service provider (MSP) or going it alone with consultants, but they often are just letting machines go unpatched.
Starting with the baby steps
Of course, the participants in this conversation would be thrilled if any SMBs came to their organization to discuss a comprehensive cybersecurity rollout, they recognize that some SMBs need to run exceptionally lean. Still, there are some simple — and oftentimes relatively cheap —ways to boost security quickly.
Leverage threat intelligence. Caldwell argues that this technology isn’t only for big enterprises now — it’s become cheap enough for SMBs, too, thanks to a number of readily available SaaS applications. “Machine learning is really catching on and being used to great extent in these threat intelligence services. Keeping an eye on what threat intelligence you have access to, as a small business, will tell you who you’re connecting to on the internet, and the risks associated with that.”
Buy enterprise hardware. Upgrading from consumer hardware is an easy way to immediately improve an SMB’s infrastructure. “They come with a default deny type configuration, which is really what you need from a security practitioner’s perspective,” Mosley says. Of course, there’s an initial investment necessary to set it up, but better equipment means features like multiple, disconnected networks for intranet and external web traffic.
Swap for encrypted SSDs. Mosley has a great tip for immediately improving the security of any new laptop, particularly cheaper ones: buy a new SSD hard drive, encrypt the whole disk, and image the old drive to it. By doing this, you’ve upgraded the laptop with a much faster hard drive that has no moving parts, and one that can’t be accessed if someone steals it.
“Air gap” your backups. Backups are common these days, even among SMBs, but if backups are kept on the same network, they’re just as vulnerable to being attacked, destroyed, or encrypted in a ransomware attack. Air gapping is the idea of physically separating a machine from the public internet, and it’s a simple-but-effective way to ensure that backups don’t get taken down with the rest of the infrastructure.
Do the security cost-benefit analysis
In the end, all the experts agree that these processes start from the top-down, and are not just investments, but rather necessary steps to keep an SMB running. Just like you pay the electricity bill to keep the lights on, SMBs need to weigh the cost-benefit analysis of paying upfront for security versus the potentially devastating cost of a ransomware attack that shuts down the business for days, weeks, or permanently.