Small businesses often lack the IT staffing resources and expertise that are commonly found in larger organizations. As such, it’s hardly surprising to find that SMB systems–including security systems–may not be configured in quite the way that they should be or may be missing altogether.
In the not-so-distant past, a dearth of skills for cybersecurity (and IT in general) might have been tolerable. Not OK, mind you, but tolerable. This is not to say that small businesses were immune to security threats, but it seems fair to say that smaller organizations were not targeted in the same way as larger companies. Unfortunately for SMB owners, this trend is rapidly changing.
It isn’t that the hackers have suddenly given up on attacking large enterprises and have started going after mom-and-pop businesses instead. Rather, small businesses are now much more at risk than before because attacks are becoming increasingly automated.
One of the biggest reasons why this is happening is because the bad actors are exploiting resources that were intended for a completely different purpose. Cloud services, for example, can be used to launch an attack at scale. While it is true that cloud providers such as Amazon and Microsoft bill their customers for the resources that they consume, these and other providers offer free trials. It’s easy for someone to set up a “burner” account, receive hundreds of dollars worth of free cloud services for opening the new account, and then use the available resources to launch an attack at scale. Yes, the cloud providers try to prevent this from happening, but the providers’ defenses are not perfect.
Small businesses often lack the IT staffing resources and expertise that are commonly found in larger organizations. As such, it’s hardly surprising to find that SMB systems–including security systems–may not be configured in quite the way that they should be or may be missing altogether.
In the not-so-distant past, a dearth of skills for cybersecurity (and IT in general) might have been tolerable. Not OK, mind you, but tolerable. This is not to say that small businesses were immune to security threats, but it seems fair to say that smaller organizations were not targeted in the same way as larger companies. Unfortunately for SMB owners, this trend is rapidly changing.
One of the biggest reasons why this is happening is because the bad actors are exploiting resources that were intended for a completely different purpose. Cloud services, for example, can be used to launch an attack at scale. While it is true that cloud providers such as Amazon and Microsoft bill their customers for the resources that they consume, these and other providers offer free trials. It’s easy for someone to set up a “burner” account, receive hundreds of dollars worth of free cloud services for opening the new account, and then use the available resources to launch an attack at scale. Yes, the cloud providers try to prevent this from happening, but the providers’ defenses are not perfect.
Even if one particular hacker isn’t sophisticated enough to figure out how to exploit a known vulnerability, there is strength in numbers: There are countless websites and (and Dark Web sites) dedicated to hacking how-to’s, and Hackers often pool their knowledge.
The reason why this is such a problem for small businesses is that hackers are no longer targeting a specific victim. Instead, they are casting a wide net and probing for a known vulnerability. Therefore, an attack that is based on the vulnerability is as likely to hit enterprise-class organizations as it is to hit small businesses.
Conclusion
Smaller organizations are increasingly being subjected to the same attacks as major enterprises, simply because of the random and automated nature of the attacks. The No. 1 thing that small businesses can do to avoid being victimized is to keep all software patched and up to date and follow basic security best practices. Automated attacks target the most vulnerable networks. Taking a few basic security precautions will help small businesses avoid falling victim to such attacks.
Source: ITProToday
The Cloud Consultancy Provision, Setup And Manage SME Cyber Security Services