Share it
Share it
Monday, 10 february 2020 | Redacción CEU
Who would be interested in attacking me? This is one of the questions that many victims of cyberattacks have asked before becoming the specific target of a cybercriminal. One of the greatest risks of living in a connected society is the high exposure to digital attacks that users and companies have. However, there are many who still consider that this is only a problem which concerns large corporations and institutions. Conversely, the people behind these cyberattacks are fully aware that precisely the most vulnerable ones are those users who are least afraid of them. As a consequence, the ordinary citizens and the smaller organizations end up being the target of these attacks.
The pursuit of profit is one of the main incentives for cybercriminals. That is the reason why attacks based on information hijacking or cyber-blackmail are becoming a trend among them. Large corporations are presumably the wealthiest, but their favorite target are SMEs, micro-enterprises and self-employed professionals. Why? Because they are precisely the ones which least invest in security and who are less aware of and prepared for these attacks. Therefore, they are also those who fall in the traps that have been set for them.
SMEs and ransomware attacks
The figures are conclusive. According to Beazley Breach Response Services, seven out of ten ransomware attacks are aimed at SMEs. However, what does this type of cyber-crimes consist of? They are a type of attack with malware which is used to prevent users from accessing the documentation which is stored on their computers, stop them from using them or threaten them with destroying all the information stored in them. This information may be essential for many companies to develop their activity or protect the data of their customers. What criminals pursue with ransomware attacks is that victims pay them in order to solve this situation and avoid the negative consequences.
The cybercriminals behind these attacks know how to proceed to intimidate their victims. When they infect computers, they send a message communicating that if users do not pay ransoms, they will not be able to recover their files, access the system or prevent them from destroying all the information which is stored in them. Frequently, in order to increase the tension atmosphere, they activate a countdown that sets a deadline for the payment of the ransom. The amount of the money may also increase as time goes by. Cybercriminals usually require the payment of the ransom in cryptocurrencies so that they manage to hide the money trail.
Cybersecurity experts recommend not paying the ransom, as there is no guarantee that, after its payment, the attackers will reverse the damage. In fact, instead of solving the problem, they might aggravate it. Sometimes cybercriminals redirect their victims to links with malware with the promise that they will find on it the key to solving the problem.
The perfect target
The 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses report carried out by the Ponemon Institute highlights the interest of cybercriminals in SMEs. Specifically, it underlines the number of attacks on SMEs: they have grown considerably. These attacks are also becoming more sophisticated. Its analysis shows that, in the twelve months prior to the date of the report, 66% of the SMEs that were surveyed in different parts of the world claimed that they had been cyber-attacked. In the United States, this percentage was 76%. According to this study, the most common attacks were phishing (57%), compromised or stolen devices (33%) and credential theft (30%). Likewise, 63% of companies reported having had an incident related to the loss of sensitive information concerning employees or customers (69% in the USA).
Another fact that attracts attention is the one included in the report on Cybersecurity in Spain (2019) conducted by Google and carried out by The Cocktail Analytics. According to it, 99.8% of the business network in this country consists of SMEs. On the other hand, these companies do not consider themselves as an attractive target for cyberattacks. That is the reason why about three million companies have little or no protection against hackers. Only 36% of the SMEs that were surveyed have established basic security protocols. This study also indicates that SMEs and private users were the main targets of cyberattacks in 2018 (102,414 incidents).
SMEs are becoming the perfect target for cybercriminals because of their lack of awareness and preparation. Therefore, experts recommend that SMEs take some measures such as:
- Establishing backup measures that are aligned to the business strategy
- Raising awareness and training employees properly and continuously
- Having operating systems, applications and devices that are updated automatically and centrally
- Making use of virtual private networks and updating web browsers
- Creating employee’s accounts with limited privileges
- Granting the appropriate tools that are necessary to protect the company according to the specific features of the businesses
- Paying attention and taking appropriate measures regarding the use of removable devices and smartphones
- Periodically scanning computers with an anti-malware software
- Using robust passwords and blocking policies
The CEU IAM Business School offers an International Master’s Degree in Digital Business which is focused on the development of the management capabilities that companies demand in this digital and global environment. It is training that combines a strategic and analytical approach, by delving into key issues such as the digital ecosystem and management, digital communication, innovation, entrepreneurship and Big Data. Do you want to become one of its students? Ask for further information with no obligation on your part!