How businesses can stay safe from cyberattacks – key steps

“The building blocks of a well-thought-out cyber resilience plan are being able to identify, protect, detect, respond, and recover from cyber threats.”

By Rotem Shemesh, Calcalist

In the current cyberthreat landscape, it’s critical for small and medium businesses (SMBs) to prioritize security, strengthen their cyber resilience, and make sure they are best positioned to recover quickly in the eventuality of an attack.

In the new world of work, many SMBs have digitized the vast majority of their data and processes, and these digital assets present a concentrated risk that has a bigger attack surface than ever before. Endpoints are becoming more diverse and distributed. No longer limited to PCs and servers, they are phones, cameras, printers, watches, smart speakers, and the list goes on. This has created an environment of disastrous risk potential for cyber-attacks which are becoming increasingly difficult to recover from and have larger repercussions. Businesses need to smarten up and act swiftly to proactively address the threats they face.

With a continuous increase in ransomware and phishing attacks targeting SMBs and the growing popularity of supply chain attacks such as the attack on Amital Data about a year ago, 2022 is expected to be a record year in SMBs cyber threats landscape.

How can SMBs protect against the most burning cyber threats?

Investments in security and protection technologies are a start for SMBs but are no longer enough. The building blocks of a well-thought-out cyber resilience plan are being able to identify, protect, detect, respond, and recover from cyber threats. It’s important to touch each of these elements when building a cybersecurity plan to ensure a quick recovery and ‘back to business’ in case of a successful attack. Here are the 5 most important actions to take when preparing your SMB security stack for the coming year:

1. Ensure Smooth & Quick Recovery – The basic assumption about cyber risk has changed – instead of asking “What if my business will be hacked?” SMBs should now ask “When will my business be hacked?” and “How will I recover from a cyber incident?”. The assumption is that all businesses will experience a cyberattack at some point, it is just a matter of time. Therefore, businesses need to be prepared and strengthen their recovery capabilities in addition to traditional security programs.

The reality is that ransomware is the number one threat in most cases with an average cost of remediation of $569,729 for Israeli organizations, and unfortunately, there is no foolproof way to prevent a ransomware attack. Even the most protected and prepared businesses can fall victim to ransomware. Therefore, the first step businesses should take is to ensure backup of all their digital assets. It’s crucial to select a backup solution that enables easy recovery in case of ransomware. It’s also important that the backup and recovery solution will include some protection against ransomware (for example, isolate infected data or avoid backing up malware). Luckily, there are backup and recovery solutions designed specifically for SMBs, which do not require special expertise in order to deploy or maintain and offer smooth recovery to allow minimal downtime in case of a cyber incident.

2. Detect and Respond to Threats – To ensure malware is detected as soon as it penetrates the business, one must have an antivirus in place. However, considering today’s threat landscape, having a traditional antivirus is not enough. SMBs should install more sophisticated endpoint detection and response (EDR) tools that would scan for malware and behavior, identify it, alert and provide immediate response automatically in case of a cybersecurity incident. Initial infection is still not too late for preventing havoc.

3. Prevent Threats from Entering Your Business – More than 90% of attacks enter victim organizations via email. As such, you as an SMB should ensure you have advanced threat protection for email (unfortunately, the standard protection from Google and Microsoft is insufficient). In addition to email, the risk of cyber threats being delivered and spread via other collaboration tools (Microsoft Teams, OneDrive, Google Drive, Zoom, Slack etc.) is constantly growing. Ideally, SMBs should select a security solution that protects different channels but is managed from one place. This will ensure your business is protected while reducing overhead and cost. Here too, there are products that are directed at SMBs which are simple to deploy and require no maintenance.

4. Train Your Employees on How to Identify Threats – Bad actors use social engineering and are becoming increasingly sophisticated. To reduce the risks, businesses of all sizes should conduct phishing awareness training periodically and make sure their employees are aware of the threats and do not click every link or file sent to them.

While it’s more common for ransomware attacks to go undetected, there are still ways to identify if a hacker may have impacted your devices. Instructing employees to notify management in case they see unusual changes to file names, lockout screens, or a pop-up with a ransom note may be critical in isolating the contaminated devices and mitigating the risks.

5. Work With Trusted Vendors – As supply chain attacks become more popular and hackers often get access to businesses via their vendors (especially software vendors), it’s becoming more important than ever to select suppliers that are highly secure and implement security measures throughout their development process. After all, you don’t want to be one of the victims of incidents like the REvil ransomware attack spread via Kaseya’s software to thousands of SMBs last year, or the SolarWind attack that affected even the most protected organizations in the U.S.

The cyber risk for small and medium businesses is there and it keeps growing. The earlier you take action to protect your business the better. Assuming most SMBs don’t have an Information Security department in-house, the best way to ensure your security is working with a trusted managed service provider (MSP) or managed security service provider (MSSP) that can help you navigate and take the crucial steps in protecting the business.