After several prolonged, difficult months, plagued by coronavirus, small business owners are preparing for the day they can finally and permanently reopen their doors.
The pandemic has seriously impacted the health of businesses everywhere, and for most employers, getting their business operating back to some form of normality cannot come soon enough.
But whilst businesses across the country prepare to welcome back their employees and customers, hackers and cyber criminals are actively infiltrating and exploiting small businesses at breathtaking speed and success.
Small to medium sized businesses are particularly vulnerable to renewed and increasingly sophisticated cyber-attacks. In fact, an estimated 43% of global cyberattacks involve small and medium sized businesses.
Unlike large corporations and government agencies, many SMEs do not believe they are attractive or high profile enough to be targeted by cyber criminals and subsequently, neglect investing and budgeting for cyber security protection that is required to prevent unauthorised breaches.
Profiteering from the pandemic
It’s a fact that the COVID-19 pandemic has seen an unprecedent spike in cyber security attacks. According to a new report from Microsoft, COVID-19 themed cyber-attacks spiked to nearly a million a day during the first week of March.
Phishing attack attempts are the main area the cyber criminals are focusing on with attacks up by 600% in March alone according to Barracuda Networks. Other types of attacks cyber criminals are focusing on are:
Considerable domain names were registered at the start of the pandemic containing terms like “coronavirus” “corona-virus” “covid-19” “corona-pandemic”. Whilst some of these websites are legitimate, the vast majority are not. Cyber criminals are registering thousands of new domains and websites every day to carry out spam campaigns, phishing campaigns and to spread malware and ransomware to user devices.
Cyber criminals are taking advantage of widespread global communications to mask their activities and cover tracks. Malware, spyware and trojans have been embedded into interactive coronavirus maps and websites. Spam emails are also tricking users into clicking on links which download malware to their devices so they can be compromised.
Hospitals, medical centres and public institutes are among the top targets for cyber criminals when using ransomware attacks. This is due to them being overwhelmed with the crisis and they cannot afford to be without systems and key services. The cyber criminals believe such institutes are likely to pay the ransomware so they can continue to operate which is why they are a key target. Ransomware is generally entering systems via emails containing infected links or attachments, compromised employee credentials or by exploiting a vulnerability in systems.
Control the risk
With most organisations having adopted working from home practices because of the pandemic, it is critical that employers create remote working policies to mitigate the risks involved.
Whilst many SMEs understand the importance of having a cyber security culture in the office environment, this is very difficult to replicate for employees working from home and is often overlooked.
There are many areas that businesses need to consider such as device security, strong passwords and multifactor authentication, so having a detailed plan in place that details the current security posture of the business as it stands, and where it needs to be going forward is absolutely key.
Critically, this should also be extended to cover working from public places as well as home.
The disruption caused by COVID-19 is inevitable and businesses have enough to worry about without contending with cyber security and compliance issues. But unfortunately, cyber criminals have sensed an opportunity amid the pandemic to exploit people’s fear and uncertainty.
Security company Check Point suggest that coronavirus-related attacks are now declining but state that threats are likely to continue at heightened levels for some time yet. Once a hacker has compromised and gained access to a network, they can install malware and choose to activate it at any time in the future.
In 2019, the average single data breach cost a business $200,000 and studies have shown that 60% of these small business victims go out of business within the first six months of experiencing such a transgression.
SMEs should take quick and decisive action as its never been so important to develop and implement a strong cyber security strategy to help combat the ever-changing threat landscape and mitigate risk. Data protection is key to this along with securing critical systems.
After months of lockdown, small businesses now have the opportunity to firm up their cyber defences to protect their employees, customers and livelihoods from cyberattacks. Small businesses should adapt to the new and ever-changing cyber threat landscape as we prepare for a post COVID-19 era.
A solid cybersecurity strategy is no longer just for larger businesses nor is it a luxury – it is a necessity.