July 28, 2016
Joe Franscella

How Do the Dangers of Malware Affect SMEs?

<p>Stories about high profile hacking incidents dominate the news coverage of online threats. These pieces do some good in warning us about the devastation that can result in a breach. However, <a href="https://www.sba.gov/managing-business/running-business/energy-efficiency/sustainable-business-practices/small-business-trends" target="_blank">small businesses account for 54% of all sales</a> in the US. The narrative warning of hackers who target businesses would do better to portray accurately the prevalence of threats faced by small and medium sized enterprises instead of focusing on the scandals affecting bigger brands.</p><p>Small and medium sized businesses have some shortcomings which make them ideal targets for cyber-crime. Many haven’t done a risk assessment to identify possible points of attack and take stock of what assets can be exploited. Many web domains, PCs, company secrets, login credentials, etc. may go unprotected in comparison to corporate counterparts. Smaller companies may not have security policies or education programs. Backup procedures may not be in place or implemented regularly.</p><p>Without dedicated IT staff, the “experts” are often the most capable users who handle technologies day to day but vary in their knowledge, attitudes, and motivations concerning the dangers of malware. Managers in close-knit workplaces or family companies may decide not to start turmoil over enforcing security policies. It’s equally likely that managers themselves don’t understand the gravity of using the office computer to engage in risky web browsing behavior like downloading coupons or using their company email to sign up for a forum.</p><p>The physical nature of your business can affect its vulnerability. Smaller businesses who take walk-in customers are vulnerable to POS hacks in the form of card capturing devices or hacking into their local network. Businesses with limited IT budgets, in remote areas, or in developing countries have trouble recovering from natural disasters. Setting up ad-hoc networks can be a challenge and often proper procedures are skipped. Hackers have learned to strike during these opportunities.</p><p>Employee email vulnerability is a largely unaddressed problem. Employees often choose weak passwords to make their jobs easier or share login credentials. SMEs are often unaware of the prevalence of social engineering used to find out who’s worth hacking or what they may be hiding. <a href="http://www.scmagazine.com/apwg-report-phishing-surges-by-250-percent-in-q1-2016/article/498867/" target="_blank">Phishing is at a record high</a>, targeting retail the most.</p><p>Smaller businesses may not see themselves as “worth” hacking, but targeted attacks are increasing against SMEs. Proprietary secrets can be accessed via back doors created with malware. News stories cover data breaches of financial information, but criminals can also profit from accessing demographics or login credentials from your customers, employees, or business partners. <a href="https://www.anomali.com/blog/targeted-ransomware-activity">Ransomware threats</a> are an inconvenience many are advised to pay. Unfortunately, the approach of taking the easy way out only further incentivizes hackers to hold SMEs’ systems hostage.</p><p>Indirect attacks contribute to losses, too. Adware slows down your network, adding time to starting up the workstation and causing lags during work. The gradual reduction of productivity adds up to big hits to the bottom line. Your equipment is at risk of misuse if your computer network is used to send spam or a DDoS attack. Your stakeholders’ info can be stolen and monetized or you can be used as a stepping stone to hack another bigger enterprise with which you do business. You can be held liable for any attacks perpetuated against individuals or other businesses as a result of your negligence.</p><p>You can’t afford to be unprotected against targeted malware threats. Apologizing after a breach affects your reputation for years to come. Not including losses of intellectual property, cleaning up after a malware attack <a href="https://www.anomali.com/blog/the-estimated-cost-of-cyber-attacks">costs businesses $15.4 million annually</a>. The long term consequences of a malware attack or other network breach are dire for SMEs.</p><p>In the last several years we have seen an uprise with the “commercialization” of malware, with attack kits available on underground forums for anyone who wants to perpetrate a variety of attacks. Many attackers reuse malware and command and control protocols and methods, adapting their “products” over time to keep ahead of the antimalware industry and security professionals. Learn more here.</p><p><span class="hs-cta-wrapper" id="hs-cta-wrapper-bd3e320b-6f5f-47ad-ae30-589597d266a4"><span class="hs-cta-node hs-cta-bd3e320b-6f5f-47ad-ae30-589597d266a4" data-hs-drop="true" id="hs-cta-bd3e320b-6f5f-47ad-ae30-589597d266a4" style="visibility: visible; display: block; text-align: center;"><a class="cta_button" cta_dest_link="{page_3457}" href="https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/c/?cta_guid=bfe9d714-b9a1-4733-8b89-44b169eb6a53&amp;placement_guid=bd3e320b-6f5f-47ad-ae30-589597d266a4&amp;portal_id=458120&amp;redirect_url=APefjpE00RtJycNgGozr3t_yuunQmrl2CUERbv-jtUB7yKDMNMQnwFm-bDsd_g36a_8QUWSSi8BU-q29w0Pceo3pXFusH5mPE5sFVWcZ9AsWNjg3MPDkVcYUbFCbjA8p7WS5LC9bOB722coGj1vO1tOGBEDcAImN5nJQTA-U9iNBc7LOiydYdypbOy6_67dfXXV0CqnM24xhaiOQsRxwOUG6EQv35xMv16nuycNt6-s_QFHR8Ifa7I3uEAFspFqj467Xp2S7IFTk6lyZepdVqcJaWaNrF--Wa_qBdTvFuGiMdArUKT4tG2Jpelyc1VtK0iDadvAAcAhm5T03nDDhS45vF3-XR-iDWA&amp;hsutk=2767d93d6471d657e0c9f660e4b58ef8&amp;utm_referrer=https%3A%2F%2Fblog.anomali.com%2Fhow-do-the-dangers-of-malware-affect-smes&amp;canon=https%3A%2F%2Fblog.anomali.com%2Fhow-do-the-dangers-of-malware-affect-smes&amp;pageId=4250035349&amp;__hstc=41179005.2767d93d6471d657e0c9f660e4b58ef8.1456736058655.1478822660171.1478831861868.179&amp;__hssc=41179005.66.1478831861868&amp;__hsfp=1335165674" id="cta_button_458120_bfe9d714-b9a1-4733-8b89-44b169eb6a53" style="margin: 20px auto;" target="_blank" title="Download Here">Download Here </a> </span> <script charset="utf-8" src="https://js.hscta.net/cta/current.js"></script> <script type="text/javascript">hbspt.cta.load(458120, 'bd3e320b-6f5f-47ad-ae30-589597d266a4', {});</script> </span></p>

Get the Latest Anomali Updates and Cybersecurity News – Straight To Your Inbox

Become a subscriber to the Anomali Newsletter
Receive a monthly summary of our latest threat intelligence content, research, news, events, and more.