On Monday, President Joe Biden issued a warning after receiving new intelligence: Americans should anticipate heightened cyberattacks from Russia. “The magnitude of Russia’s cyber capacity is fairly consequential, and it’s coming,” he said.
The cyberattacks that make headlines usually center on large corporations—the more people affected, the more likely you are to hear about it. But in 2021, 28% of breaches targeted small businesses. And with the average ransomware at $70,000, a breach can be catastrophic for small businesses that end up as the targets of cybercriminals.
Why small businesses?
Although you often hear about ransomware averages in the millions, small businesses are becoming the main targets for ransomware precisely because of their lack of resources. Without trained IT professionals on staff or a budget to prioritize cybersecurity, small- to medium-sized businesses are becoming easier for cybercriminals to target. And because smaller businesses have more to lose from reputational damage, researchers believe the attacks are underreported and ransoms are being paid, making small businesses all the more appealing for cyberattacks.
Last year, smaller businesses saw an uptick in remote desktop compromises. Setting up Remote Desktop Protocol (RDP) access is not secure without additional security measures, making it a vulnerability for businesses lacking a managed service provider. With a growing number of employees logging onto unsecured remote desktops during the pandemic, this has become an easy target for cybercriminals. Between Q1 and Q4 2020, attacks against RDP surged by 768 percent.
Additionally, the pool of cybercriminals continues to grow as Ransomware as a Service (RaaS) becomes a profitable business model. By allowing potential cybercriminals to purchase packages of ransomware, those with less knowledge of the industry can still breach individuals and small businesses without cybersecurity protection in place.
Making your business more secure
As mentioned above, small businesses don’t have the same budget for security as large corporations, but there are still measures you can take to protect your business. These include:
- Enabling strong spam filters to prevent phishing emails from reaching end users
- Educating employees with cybersecurity awareness training
- Obtaining third-party cybersecurity assessments
- Updating and patching software
- Locking down Remote Desktop Protocol (RDP)
- Validating remote access to the organization’s network
- Requiring multi-factor authentication for privileged or administrative access
- Confirming the organization’s entire network is protected by antivirus/antimalware software
- Testing backup procedures to ensure critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack
- Ensuring backups are isolated from network connections
Some of these safety measures are not only low cost, but they can also be taken today and will help prevent a cyberattack from happening. Although an attack on RDP doesn’t require much skill, the impact can be significant, compromising an organization’s server and resulting in the potential loss of remote access service. Now, more than ever, it’s imperative to make cybersecurity a part of your business strategy or risk the theft and loss of your data.