Cyber Criminals Know This:
Small to Midsize Businesses (SMEs) With Little or No Cybersecurity Make Ideal Targets!
Until recently cyber security was not a concern for most companies. Many believed they would never get hit and they didn’t find the value in purchasing any cyber liability insurance. The harsh reality is that cyber threats are impacting corporations and SMEs throughout the world. The vectors for these cyber-attacks have become so sophisticated that even if you have cyber security software, you are not 100% protected.
The biggest threats when it comes to cyber-attacks are hackers targeting your organization and your employees not having any cyber-security awareness. Being able to identify what is safe to “click on” and what is not could be the difference between a major or minor impact to your organization.
Common Attacks—Phishing and Typosquatting
Phishing attacks are the most common form of attack that people see. They stem from a simple click on an unknown link in an email that allows a hacker to gain access to your system. Once they have access, your company could be quickly exposed. Another common form of cyber-attack is known as typosquatting. For example, your email is firstname.lastname@example.org. The hacker buys the URL abchouses.com and would create the email email@example.com. We have also seen the letter “r” and “n” combined instead of “m”, making the email, firstname.lastname@example.org. To the naked eye, a customer of yours may not notice the difference, and when they receive an email from this fake email address telling them to transfer funds to a different account than they normally transfer money to, they might do so. The funds are now unrecoverable and are in an unknown account, leaving both companies impacted. Imagine the impact on your organization if the amount was $100,000 or more.
Why are SMEs Targeted?
Cyber criminals know their threat simply does not feel real to most SMEs. The reality is that significantly more than half of all cyber attacks are directed at SMEs, and given SMEs’ lack of attention to the threat that number continues to steadily increase. In fact, most SMEs don’t have the knowledge or means to make anywhere near the investment required to implement comprehensive protection, leaving significant risk uncovered.
The following represents what cyber criminals typically look for when scanning the Internet for new targets:
- A company that can be hacked with ease
- Companies with specific security weaknesses
- Un-patched software
- Poor password hygiene
- Open web ports
- Unencrypted data transit
- Poor endpoint protection
SMEs tend to devote inadequate resources, time, and funds to cyber security, with 67 percent having no data security policies. Of the 33 percent that do, 87 percent have no formal written policy in place.
These are the four most common ways cyber-criminals gain entry to your systems:
- Attacks on unprotected devices
- Authentication and privilege attacks
- Dark web password repositories
- Disgruntled employees
- Privilege creep
- Loss Of Service—Denial Of Service Attacks
- Malicious Content Attacks
- Encryption of your data for a “ransom” payment.
- Trojan horses and worms
Eastern Michigan Agencies can provide cyber liability insurance as well as recommendations and solutions to help reduce your cyber risk. These are a few of the ways we can help protect your company:
- Assist you in developing and enforcing a formal written password policy
- Provide regular education for all employees on Cyber security vigilance
- Assist you in creating a Cyber Incident Response Plan
- Provide appropriate Cyber Liability Insurance Coverage
Contact Eastern Michigan Agencies today to for assistance with your Cyber Security risk management