When running a small business, there are many things that must be focused. Make sales, find new customers and motivate your employees among them; however, keeping your business safe from cyber attacks might take precedence over everything.
That’s because if you are a victim of a cyber attack, you might be out of business altogether. Cyber attacks on small businesses can be crippling. Research shows that 60% of small businesses that are victims of cyber attacks are out of business within six months.
One specific type of cyber attack business that needs attention is malware. Malware is a general term that describes any malicious program or code that is harmful to a company’s system, said Akshay Bhargava, senior vice president of products for Malwarebytes.
“Malware attempts to attack, destroy, or deactivate computers, computer systems, networks, tablets and cellular devices, often by taking partial control of device operations,” said Bhargava. “Like human flu, it interferes with normal function.”
We recently talked to Bhargava about malware, how it can affect small businesses and how artificial intelligence and machine learning make it more difficult than ever to detect and combat this growing threat. [Are you in the market for internet security software for your company? See our best choices and reviews.]
Increased malware threats for SMEs
Q: How does malware affect small businesses?
A: Small businesses are very vulnerable to threats because they often do not have the resources for products or a broad security team such as larger companies. This is arguably more important for small businesses to protect themselves, because, unfortunately, when these organizations are exposed to malware, it can completely cripple, or end, their business.
In fact, 43% of data violations come from small businesses, according to the 2019 Verizon Data Breach Investigations Report. This means SMEs must fight and do more with less.
read another business post How to QC Your Lead Follow-Up System
The use of personal mobile devices for business use further complicates risks for SMEs. This device gives cyber criminals additional points to enter the organization. Only by opening an email on a mobile device, unsuspecting employees can open the door to critical violations, endangering organizational information, including customer and employee data.
Securing this endpoint with the right policies, protocols and tools for protection is very important. Many small businesses believe that they are too small to be targeted by criminals, but what happens is the opposite. Cybercriminals often target these organizations because SMEs often lack sophisticated and layered security practices, making it easier to get sensitive data they hold.
Q: How does artificial intelligence and machine learning affect the type of malware used by cyber criminals?
A: Today, understanding cyber criminals have realized that they can take advantage of AI and machine learning to develop automated and evolving viruses. This allows the virus to change and avoid detection for a longer period of time when the virus spreads throughout the network and infects new devices. Like human viruses, this is very dangerous when they “evolve,” or changing their code becomes more difficult to resist and prevent.
Criminals use machine learning and AI to do many things throughout the life of an attack, such as gathering information about targets, imitating approved users, carrying out actual attacks, and automating exploitation activities.
Q: Does this type of malware pose a greater threat to business than traditional malware?
A: Of course. This malware is far more difficult to detect in real time because it always changes its signature. To detect this threat, we need to fight fire with fire.
In Malwarebytes, we have used a machine learning component that detects malware that has never been seen before in the wild, also known as zero-day. In addition, other components of our software perform behavior-based heuristic detection, which means they may not recognize certain codes as dangerous, but they have determined that a file or website acts in a way that should not be done. This technology is also based on AI and machine learning.
Protect your SMB – and you – from malware attacks
Q: What can small businesses do to protect themselves from hackers and malware?
A: Apart from the significant strength that SME vulnerabilities have for attackers, there are a number of simple solutions to prevent them from becoming problematic:
Use a layered security approach. Deploy complementary products that leave no gap for cyber criminals to be exploited. Look holistically at your current security tools and evaluate how to eliminate gaps using a layered security approach. You must review your organization’s specific needs, but you may want to consider things like endpoint security, encryption, firewalls, and identity and access management.
Patch your system. Basic maintenance can counteract many problems. For example, cyber criminals can easily exploit the default software vulnerabilities on the Windows operating system. These criminals monitor websites to find out the latest general vulnerabilities and exposures (CVE) and then develop software exploits that exploit vulnerabilities.
Train your staff. Invest in regular and ongoing training for your employees to help them recognize the latest security threats, including phishing emails and other social engineering tactics. Also, make sure your first respondent, or those who have access to customer sensitive data or proprietary rights, are experienced in cyber security best practices.
Q: Why do cyber criminals focus on small businesses?
A: SMEs are often more vulnerable than large companies because they usually lack the resources and bandwidth to hire special security teams. Even though they are not as profitable as company targets, they are significantly more vulnerable and offer a significant amount of data compared to target consumers. In addition, small business owners are more likely to pay ransom, because they may not have a backup of their important data.
Small businesses can also be accessed as gateways to larger companies or other small business networks, unlocking bigger prizes for cyber criminals. For example, criminals can spread malware to Inbenta Technologies customer support products, which then allows them to compromise personal data and payment details for thousands of Ticketmaster customers.
Unfortunately, with fewer resources, small businesses also tend to catch criminals targeting them. Criminals feel the risk versus reward ratio is higher when it comes to SMEs.
Q: Besides malware, what types of cyber threats are the most vulnerable for small businesses?
A: To be clear, there are many types of malware, including ransomware, worms, Trojans, cryptomining, spyware, adware, and maliklan. Some of them are really malignant, while others may only drain your system – but all must be dealt with quickly to ensure the business can continue to run efficiently and safely.
Other types of cyber threats that small businesses must prepare to address include distributed denial of service attacks (DDoS), insider threats and employee errors and errors.
Business has become a prime target for criminals, according to Malactic Cyber Crime Tactics and Techniques Report. Compared to Q1 2018, business detection of threats skyrocketed 235%, and according to Accenture, malware is a threat. 1 for the organization, followed by web-based attacks, denial of service and evil insiders.
Q: What technology can’t you turn on without it?
A: My cellphone. Being in security has made me hesitate to wear too many items that can be worn like iWatch, but I can’t live without my cellphone. Like many people, I work all the time. My device is part of me, connecting me to personal and corporate applications.
Of course, this is a concern for our chief information security officer, because my device represents the door to Malwarebytes, and it needs to be secured. Every executive I know carries at least one mobile device at any time.
In fact, the average US has eight network devices per person, the number of which is expected to increase to 13 by 2022. Each of these devices is