We were so excited to read a post over at Dark Reading that really hits the nail on the head when it easy steps that any business can take to protect itself. We have re-posted the article here in its entirety, but we encourage you to check out the original article on their site in addition to all of the great content and articles they have.
Have questions about the current state of your business’s security posture, or wondering how Ihloom can help you fix these issues? Contact Us to receive a free cyber security gap assessment and better understand how to protect your organization!
The following article originally appeared on Dark Reading’s website on August 2, 2021.
Despite what many small business owners think, cybercriminals don’t care about the size of your organization. The rise of automation means they can target lists of small to midsized businesses (SMBs) as easily as they would one multinational organization, putting all companies at risk. Verizon reports that 43% of cyberattacks already target small businesses.
If your organization is an SMB, don’t become a statistic. Protect your organization by securing these five vulnerabilities.
1. Unpatched Software Applications
Cybercriminals exploit software vulnerabilities because they know that manual patching is a complex, time-consuming process. One recent study found that 40% of IT professionals admit to suffering a breach because of unpatched flaws in their systems, and 42% say a breach occurred because of a known vulnerability that remained unpatched. More than half of the respondents (57%) say their organizations do not know which vulnerabilities pose the highest risk. Over six months, the organizations surveyed had an average backlog of 57,555 identified vulnerabilities.
While many believe that new vulnerabilities pose the highest risk because patches aren’t available, one study discovered a vulnerability that dated back 16 years. Just as surprising, this same study found that 42% of companies were using software that had reached end-of-life, so patches were no longer available.
2. Unprotected Networks and Servers
Given today’s cybersecurity landscape, many organizations still do not adequately protect their networks and servers. In one recent study, 84% of companies had high-risk vulnerabilities present on their external networks, while 58% had hosts with a high-risk vulnerability exploitable with a publicly available toolkit.
If those statistics aren’t sobering enough, another study found that cybercriminals can attack users in nine out of 10 Web applications by redirecting them to a hacker-controlled resource, stealing credentials in phishing attacks, and infecting computers with malware.
Keep in mind, cybercriminals don’t just focus on Windows servers and PCs. One cybercrime group has been focused on Linux servers since 2012. And while many once believed Mac computers were resistant to hacking, macOS malware has increased by 165% during the last year.
3. Weak Passwords
Weak passwords are responsible for 81% of hacking-related data breaches, according to a LogMeIn survey. Despite this statistic, many users still do not recognize the importance of strong and unique passwords. Sixty-five percent of people reuse passwords across multiple, if not all, sites. While 91% claim to understand the risks of using the same password across multiple accounts, 59% do it anyway.
Sixty-one percent of these respondents say the primary reason for password reuse is the fear of forgetfulness, and 50% say they reuse passwords across multiple accounts because they want to know and control their passwords all the time.
4. Unprotected Emails
Email is the vector used in 91% of successful data breaches. Studies have found that while targeted users open 30% of phishing messages, 12% of those users click on the malicious attachment or link. Given these statistics, it is no wonder that 56% of IT decision-makers say targeted phishing attacks are their top security threat.
A separate study found there was an average of 1.23 million new phishing sites created every month in 2018, and it is doubtful that number has decreased. You can be sure that cybercriminals will continuously perfect their email strategies by playing on a user’s emotion.
5. Inadequate Security Awareness Training
Ninety-five percent of cybersecurity breaches are caused by human error, not by the IT department. Despite cybercrimes increasing 600% in 2020 due to remote work, 66% of employees have not received proper IT security training. Unfortunately, mobile devices are also in the crosshairs of cybercriminals. New malware variants for mobile devices increased 54% in 2018 alone, with 98% of mobile malware targeting Android devices.
Another shocking statistic: Third-party app stores host 99.9% of discovered mobile malware. Typically, these app stores offer free software to lure users into installing malware unknowingly.
On the positive side, the Aberdeen Group reports that security awareness training could reduce the risk of socially engineered cyberthreats by up to 70%.
Small business owners can no longer rely on their size to avoid cyberattacks – no business bank account is too small in the age of automation. SMBs need to understand the risk of these bad practices and eliminate these vulnerabilities. Otherwise, the inevitable cyberattack will be more devastating when it does occur.