top of page
Search

5 cyberthreats your SME may face at this time

According to the Cisco SMB Cybersecurity Report, more than half of SMEs suffered a cyberattack in 2017. Many small and medium-sized companies have less sophisticated cybersecurity systems than large corporations, which are more likely to be targets for cybercrime.

The IT professionals of SMEs are facing daily a scenario of growing threat, in which cybercrime attacks the staff itself (phishing, social engineering, vulnerabilities of mobile devices and the BYOD phenomenon), to connected devices, either in the office, in the production plant (ransomware, attacks on IoT machines), or de facto closes the organization through a denial of service attack (DoS or DDoS).



Ransomware

The ransomware is no longer the holder Cup as when Wannacry put in check organizations around the world. There are people who have lowered their guard to see that after this time their companies have not been attacked. There are even those who believe that their company is too small or discreet to be targeted by cybercrime. Error! The ransomware remains a very dangerous threat to SMEs.

Ransomware involves hours or days of extra work, stress and problems for IT equipment, and loss of productivity and profitability, and costly ransoms for organizations. Thus, against this type of threats is essential to have a contingency plan, automatic backups and recovery systems, and specific security tools against ransomware, equipped with Deep Learning technology, which can evolve faster than cybercrime.


Vulnerabilities of mobile devices

Many people struggle to plug laptops' cameras, have a good antivirus installed and updated on their computers, or avoid clicking on suspicious attachments. However, the alert level is not such when we download apps to which we grant all kinds of permissions or when we let curiosity drive us to open any file we receive in crowded WhatsApp groups.

Mobile devices are one of the most vulnerable points of organizations. People and teams in mobility can access from them to all kinds of tools and sensitive information. There is malware capable of recording tactile movements on the screen, taking screenshots or listening to confidential conversations. Thus, it is essential to have specific antivirus for mobile devices, and to make our team aware, especially those who work in mobility or use their own devices to connect to the corporate network (BYOD), the importance of habits such as not downloading applications not authorized by the organization, do not use these devices for personal or leisure use, or do not open suspicious files. A talk in time will save you from facing future puzzles.


Phishing and social engineering

Sometimes the people of the staff themselves are the ones who, voluntarily, but with no intention of harming the company, disseminate confidential information. Cybercrime uses phishing and social engineering to get passwords, checking account numbers, or key business data. One of the most common methods is to receive an e-mail sent supposedly by a public institution or a bank with which the company has a relationship. Subsequently, this email sends the victim to a website that is apparently real, in which he is asked to enter sensitive information.

It is fundamental that from the IT teams of the organizations and different departments can be aware of the importance of distrusting any e-mail in which private data is requested. Just follow a golden rule: "Banks or public agencies never request to verify passwords by e-mail."


Vulnerabilities of connected devices (IoT)

The Internet of Things (IoT) is great. It allows companies to be more productive, machines to communicate with each other and maximize resources, and ultimately, grow more robustly than ever. However, the IoT opens a significant security breach if enough protection measures are not available. A connected machine can be disabled or hijacked, can receive orders that endanger the life of the people who use it, and can be a way to access sensitive data.

This panorama of increasing international instability has placed the focus on critical infrastructures, such as power plants, logistics or health, and the productive ones of companies that can no longer do without the Internet. For any organization, however small, it is essential to have specific cybersecurity measures that follow the meteoric evolution of cybercrime methods to attack companies. Likewise, it is important to isolate the IT and OT networks of SMEs with production plants, and it is essential to have a contingency plan to weather as best as possible a hypothetical situation in which the impacts have not been avoided. The question is not whether cybercrime will attack your organization or not, but when it will.



Denial of service attacks (DoS and DDoS)

More and more organizations depend on the online channel to reach new markets or make their business more profitable. Thus, cybercrime has long been an eye on virtual skirmishers, to knock them down and extort money from companies.

Be it by own initiative of cybercrime or commissioned by other firms, to weaken competition, denial of service attacks (DoS and DDoS), which take advantage of the vulnerabilities of websites or e-commerce platforms, have become a threat that directly impacts the profitability of organizations.


How much would it cost your organization to close the doors for hours or days? How many extra hours of work does the IT team have to park their daily tasks to deal with the attack? It is essential to hire a firewall and have a specific solution to protect against this type of offensive.




The ingenuity surpasses itself when it is in the service of the cybercrime. To the ransomware, to the denial of service attacks (DoS or DDoS) or to the security gaps of the connected devices (IoT) are added many types of malware that use the vulnerabilities of the most common programs, such as text or assisted design processors by computer, or the most popular CMS. Thus, a solution that fights intrusion attempts is not enough, but rather one that can evolve faster than cybercrime itself.


The IT professionals of companies face the challenge of facing a greater number of increasingly sophisticated threats. According to Forbes, 9 out of 10 companies will suffer at least one virtual attack this year. The importance of having specific solutions to deal with these attacks is compounded by the importance of knowing how to orchestrate them and make them compatible with each other. Thus, a technological partner that understands the needs of the organization, is proactive, and advises and accompanies the IT team in key decisions, has become fundamental for the current SME.





Comments

bottom of page