Small businesses are among the highest risk for cybersecurity attacks, according to Acting National Cyber Director Kemba Walden.
Cyberattacks on small and medium-sized businesses are escalating by more than 150%, reaching 31,000 attacks per day, according to a recent report.
Last year, 82% of all ransomware attacks targeted SMB organizations.
SMBs also experience 350% more social engineering attacks than larger organizations.
SMBs are low-hanging fruit for cybercriminals because they have limited IT resources, staff and cybersecurity defenses.
U.S. government agencies recognize this threat and are introducing several new initiatives to help SMBs combat it.
The Cybersecurity and Infrastructure Security Agency recently updated its cybersecurity performance goals to lower costs and to recommend goals that SMBs can implement to improve their cybersecurity.
While these initiatives ramp up, SMBs have to realize it only takes one mistake to cause irreparable damage.
One person opening a phishing email and clicking on the link or attachment could lead to a ransomware demand or paying for a fake invoice, effectively shutting down the business.
A phishing email could also give attackers access to a larger partner organization's supply chain or customer data, effectively damaging the brand.
Cybercriminals are using ChatGPT to write more polished phishing emails, executing more sophisticated schemes using domain spoofing, and redirecting users to malicious websites using YouTube, Google Translate or AWS services.
Enabling DMARC, DKIM and SPF for domain authentication helps block email phishing from impersonation domains.
Combining passwords with multi-factor authentication adds one-time passwords, biometrics and even challenge and reply tokens.
Investing in end-user education and security awareness training helps front-line workers spot potential phishing emails.
Join a Group: This type of template email uses a popular brand name and implies that a victim has been invited to join a group call from a trusted source.
Email Password Reset: Password reset emails, including those seemingly from Outlook 365, indicate the victim's account has been disconnected and can only be restarted when the user resets their password.
Confirm Direct Deposit: The fake email appears to come from a bank or vendor and asks the victim to confirm direct deposit information by clicking a link and providing personal information.
Account Deletion: This email says your account is set for deletion in a few days, and you can avoid this disaster only by taking the prescribed action right now.
SMBs are increasingly vulnerable to security threats.
By proactively addressing them, SMBs can protect critical confidential information and their reputation and keep their brand safe.
This Cyber News was published on securityboulevard.com. Publication date: Mon, 11 Dec 2023 15:43:04 +0000