SMBs at most risk from rudimentary cyber attacks, not sophisticated hacking

Get the basics right, and most SMBs should be fine, advises eSentire

The biggest IT security risks facing small and medium-sized businesses (SMBs) are not sophisticated, targeted threats, but rudimentary, unsophisticated attacks for which many are unprepared.

That is the warning of computer security company eSentire in its latest Cyber Threat Study, examining the cyber threats faced by SMBs.

"Since 2014 cybercrime rates have been on a steep trajectory, rising in both frequency and complexity. And in the space of two years - not surprisingly - small and mid-sized organisations have become a popular attack target," said Mark McArdle, chief technology officer at eSentire.

He continued: "Unlike their larger peers, mid-sized enterprises often lack the resources and budget required to maintain the robust defences required to defend against today's attacks."

However, small and medium-sized organisations now represent almost two-thirds of all security incidents in loss of data, he added.

"Whether large or small, the truth facing all businesses is that technology simply isn't enough to guard against today's attack vectors. Regardless of how many layers of traditional technology (intrusion protection/detection systems, security information and event management or SIEM, anti-virus systems and so on) organisations deploy, attackers will find new vectors to their targets."

But the kinds of attacks that SMBs fall victim to are often relatively unsophisticated and could be prevented with basic security measures and staff training.

The company aggregated and analysed two years of data from monitoring clients' networks and IT infrastructures.

The unglamorous truth, the report claims, is that "organisations operating in this space commonly have their perimeter security bypassed by rudimentary, unsophisticated (but still highly effective and successful) attack vectors".

Approximately one-third of all incidents involved preventable brute-force attacks that originated as a result of poor perimeter defences. "Even when organisations have good technologies in place, poor configuration can result in a higher incidence of brute force attacks," the report adds.

For example, a remote login service exposed to the internet without a perimeter firewall configured to automatically block brute force attacks will inevitably invite such attacks. "For clients who do not expose services or protect them with robust perimeter defences (and who are running good configurations), the number of incidents in this category is nearly nil," it advises.

In other words, SMBs are inviting attacks by leaving glaring holes in their defences which, in a world of automated attack tools, will be uncovered and exploited very quickly if the organisation doesn't patch them quickly.

ESentire recommends a series of measures to mitigate the risks of running remote login services exposed to the internet, including implementing two-factor authentication, white-list-based access control, rate-limiting incoming connections, and even automating IP-based lock-outs.
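As an added illustration (not taken from eSentire's report), the sketch below combines three of those measures over a login service's authentication log: an allow-list, a rate limit on failed logins, and an automated IP lock-out. The thresholds, the simplified log format, the addresses and the function names are all assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed policy (not from the report): 5 failures within 60 s => 15 min lock-out.
MAX_FAILURES = 5
WINDOW = timedelta(seconds=60)
LOCKOUT = timedelta(minutes=15)
ALLOW_LIST = [ip_network("192.0.2.0/28")]  # constructed admin range

FAILED = re.compile(
    r"^(\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def evaluate(lines):
    """Return {ip: lock-out expiry} for sources that exceed the failure rate."""
    failures = defaultdict(deque)  # ip -> timestamps of recent failures
    locked = {}                    # ip -> time the lock-out ends
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        ts, ip = datetime.fromisoformat(m.group(1)), ip_address(m.group(2))
        if any(ip in net for net in ALLOW_LIST):
            continue               # allow-listed sources are never locked out
        if ip in locked and ts < locked[ip]:
            continue               # already blocked; a firewall would drop this
        q = failures[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()            # discard failures older than the window
        if len(q) >= MAX_FAILURES:
            locked[ip] = ts + LOCKOUT
            q.clear()
    return {str(ip): until for ip, until in locked.items()}

# Constructed sample log in a simplified "<ISO time> sshd[pid]: ..." format.
T0 = datetime(2024, 1, 1, 10, 0, 0)

def sample(ip, count, step):
    return [f"{(T0 + timedelta(seconds=i * step)).isoformat()} sshd[100]: "
            f"Failed password for root from {ip} port 40000 ssh2"
            for i in range(count)]

SAMPLE_LOG = sorted(sample("203.0.113.7", 6, 5)     # fast guessing
                    + sample("198.51.100.9", 5, 30)  # slow, under the rate limit
                    + sample("192.0.2.5", 10, 1))    # allow-listed source

if __name__ == "__main__":
    for ip, until in evaluate(SAMPLE_LOG).items():
        print(f"block {ip} until {until.isoformat()}")
```

The slow source in the sample stays under the limit and is never blocked, which is why the report lists two-factor authentication and allow-listing alongside rate-based lock-outs rather than relying on them alone.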

SMBs also put themselves at risk by running outdated software that is exposed to the internet, enabling old exploits to be deployed against them with impunity. Again, the advice is to limit the number of internet-facing services hosted on the organisation's main network, to install application-based firewalls for services that the company has no choice but to expose to the internet, and to use tools to prevent unauthorised changes to content hosted on such systems.

Finally, one of the most common means of cracking SMBs' network security is viruses and other forms of malware. Basic security measures, such as up-to-date anti-virus and anti-malware, and NoScript plugins, combined with ongoing security training for all staff, will go a long way to mitigating these risks.