There’s a pretty common misconception among small and medium-sized businesses
(SMBs) that hackers only target large organizations. Unfortunately, this belief
couldn’t be further from the truth. In fact, according to the most recent
Verizon Data Breach Investigations Report, more than 70%
of cyberattacks target small businesses. Additionally, many attacks are now
shifting to target managed service providers (MSPs), specifically because
breaching an MSP can give hackers access to their entire SMB customer base.
Why are hackers targeting SMBs?
Simply put, it’s easy money. First, the smaller the business is, the less likely it is to
have adequate cyber defenses. Moreover, even larger SMBs typically don’t have
the budgets or resources for dedicated security teams or state-of-the-art
intrusion prevention. On top of that, smaller businesses often lack measures
like strong security policies and cybersecurity education
programs for end users, so common vulnerabilities like poorly trained users, weak
passwords, lax email security, and out-of-date applications make SMBs prime
targets.
What’s more: some hackers specialize in breaching specific business types or industries,
refining their expertise with each new attack.
Which business types are in the cross hairs?
Realistically speaking, the majority of businesses face similar amounts of risk. However,
some industries do tend to be targeted more often, such as finance or
healthcare. Here are some of the business types that are currently topping
hacking hit lists.
Managed Service Providers
MSPs hold a lot of valuable data for
multiple customers across industries, which makes them desirable targets. Hackers
use a technique known as “island hopping”, in which they jump from one business
to another via stolen login credentials. MSPs and their SMB customers are both
potential targets of these attacks.
Healthcare Organizations
Hospitals, physical therapy offices,
pediatricians, chiropractors, and other healthcare practices are easy targets
for cybercrime because they can have such chaotic day-to-day operations, and
because they often lack solid security practices. In addition, medical data and
research can be extremely valuable. Patient records alone can sell for up
to $1,000 or more on the dark web.
Government Agencies
There are many reasons that
cybercriminals, particularly nation-state terrorists, might target local and
national governments. In particular, small governments and local agencies
generate troves of sensitive information, while large governments can be
victims of nationwide disruption, either for financial gain or sheer
destruction.
Financial Institutions
You probably aren’t surprised by this
list item. Banks, credit unions, and other financial institutions have long
been targets for hackers due to a wealth of data and money. Only a few years
ago in 2018, over 25% of all malware attacks targeted banks, which is more than any other
industry. More recently, automation has further enabled cybercriminals to run
advanced attacks on financial institutions at scale.
Celebrities, Politicians, and High-Profile Brands
Hacktivists, who are usually
politically, economically, or socially motivated, like to seek out politicians,
celebrities, and other prominent organizations as targets. They may even
attempt to embarrass public figures or businesses by stealing and disseminating
sensitive, proprietary, or classified data to cause public disruption, or for
private financial gain via blackmail.
What are your next steps?
The only real requirement for becoming a hacking target is having something that hackers
want, which means all businesses are at risk. Luckily, a few relatively
straightforward tips can go a long way in keeping your business secure.
Think Like a Hacker
Cybersecurity awareness training with phishing
simulations is a vital component of an effective protection strategy. In fact,
Webroot’s own research found that regular training over just 4-6 months reduced
clicks on phishing links by 65%. Understanding hacker practices and motivations can help you predict
potential threats and thwart attacks.
Lock Down Your Business First
The right security layers can protect you from
threats on all sides. If you haven’t already, check out our free Lockdown
Lessons, which include a variety of guides, podcasts, and webinars designed
to help MSPs and businesses stay safe from cybercrime.
Embrace Comprehensive Cyber Resilience
Being resilient in the face of cybercrime doesn’t
just mean having powerful, automated endpoint threat detection in place. It
also means having security layers that can protect your business and clients
front and back. That includes layers like security awareness training, as well
as network protection and strong backup and disaster recovery services. The
best defense is prevention, and by preventing attacks and planning your
recovery proactively, you’ll be ready to bounce back right away at the first
sign of trouble.
Hackers have diverse means and motives, so it’s up to you to know their methods and prepare
your business and customers to block advanced threats.
To get started on the road to cyber resilience, you can learn more about Webroot®
Business Endpoint Protection or take a free trial here.
The post Pay Attention to the Hacker Behind the Hoodie appeared first on Webroot Blog.