Carbonite Webroot
Don't expect cybercriminals to take a hiatus on account of the global pandemic and unstable economy. Instead, they've kicked their efforts into high gear to exploit this period of vulnerability. In recent months, malicious files with "Zoom" in the name have seen a 2,000 percent jump and a growing number of fake web sites that claim to be about COVID-19 have begun to wreak havoc.
That doesn't even consider the 40 percent increase in unsecured remote desktop protocol (RDP) machines in use, the direct result of an overnight, unexpected shift to a remote workforce for many companies. And small- and medium-sized businesses (SMBs) remain the most vulnerable – with 71 percent of cyberattacks targeted at SMBs and 58 percent of SMBs experiencing breaches.
Why SMBs? Frankly, they typically have a weaker defense system because they tend to lack the financial and human resources needed to resolve issues. Case in point: more than half of companies (56 percent) are unable to detect breaches for months. And with advanced threat vectors, such as polymorphic malware and malicious scripts, traditional blocking solutions are no longer enough.
Increasingly, small businesses are turning to managed service providers (MSPs) to secure their data, equipment and communications from potential intrusions. But MSPs can only do so much as they, too, are susceptible to cyberattacks. In fact, the U.S. Secret Service recently issued an advisory about a continued increase in cyberattacks stemming from compromised MSPs.
So, what is a small business owner or MSP to do? To start, the focus should shift from single, catch-all cybersecurity solutions to robust, multi-layer cyber resilience plans. This larger scale, longer term, approach involves tapping several different mechanisms that can make up a comprehensive safeguard.
Cyber resilience is more than just network safeguards. It's a process that includes protection for users, endpoints and the network, as well as backup, data recovery and business continuity plans. And those are just the basics. Depending on the company and the size of the business, it may be worth looking into other resilience efforts, such as DNS protection, backup for Microsoft 365, or advanced threat intelligence systems.
It's important to remember that one of the most effective tools is training. End-users, traditionally the weakest links in any security strategy, should know how to identify, avoid and isolate potential malware and understand that their actions could potentially infect the entire company.
That means it's also in the best interests of the MSPs to be part of the overall solution. That includes honest conversations with their customers about the vulnerabilities and right mix of safeguards that meet the company's unique needs and budget. And, given the impact of COVID-19 on smaller businesses, MSPs should be flexible and accommodating on pricing to help a potentially long-term client get through the rough patch.
The cybersecurity battle is one that will never truly go away. As technologies become more sophisticated, so do the cybercriminals. To stay ahead of the bad guys, it's important that companies recognize what they can do on their own – and where they need help – and then put it into action.
Without the effort toward cyber resilience, businesses put their survival at risk.