Why evolving cyber threats mean small businesses are ransomware targets
Dark Matter’s powerful fictional short film based on real events, Butterfly, goes inside the experience of a small business as its world is turned upside down by ransomware.
It’s an experience shared by a growing number of small businesses – half experienced some form of cybersecurity breach or attack in the last 12 months.
Yet not all want to tell their story, or even report they’ve been attacked. This helps propagate the myth that small businesses don’t need the same protection as larger firms.
“Small businesses, maybe ten years ago, were not such attractive targets” explains Jake North, Product Manager for Consumer & Small Business Security Software at Dell Technologies.
“The tools and the technologies that attackers would use weren’t so sophisticated – they weren’t able to do so much – and there was a bit of an epidemic failure to understand the value of the information that small businesses had.”
This has changed, and the problem is compounded by the fact that small and medium sized businesses (SMBs), working with limited IT resources, are usually less aware of and prepared for attacks.
“Large organizations tend to report that they’ve had more” says Steve Furnell, Professor of Cybersecurity at the University of Nottingham, “but that’s not necessarily because they’re larger organisations and a bigger target, but because they have more capability to identify what’s going on.”
Today’s cybercriminal organisations aren’t always targeting specific companies or types of business. Their sophisticated tools spread widely, probing for vulnerabilities, and they harness email phishing campaigns as well as compromised apps or websites.
“The IT threat landscape has evolved massively,” says Martin Pivetta, Director of Product Management for small business at McAfee. “The cybercrime business is bigger than the drug crime business nowadays, and it’s more anonymous. These organisations are set up with very big structures and act in a very professional way.”
This puts small businesses in the firing line, even if they might not seem as juicy a target as larger corporations.
“If you are able to harness, shall we say, a thousand small businesses” notes Furnell, “you’re going to get a fair amount of money from that collectively, and perhaps with less resistance.”
So, what can small businesses do?
“Make sure that employees are aware of scams and what to look out for,” says Pivetta. “Get the basic training done with them. If you don’t know how to do that, resources are available on the Internet and from the McAfee website.”
Secondly, Pivetta suggests businesses should “make sure you have basic protection across your whole business, for your devices, for your mobile devices, and for your employees”.
Doing so doesn’t have to be onerous or expensive.
“There are a number of risks that are pervasive and scary,” says North, “and small businesses can spend a lot of time and a lot of money remediating those risk, but they do not have to.”
He points small business owners to McAfee Business Protection, a simplified, highly-automated security suite.
Available exclusively at Dell, on Dell business PCs, it takes businesses step-by-step through encrypting hard drives and installing software to set up a high-level, frontline defence.
It then leaves business leaders to focus on their core activities rather than security, while ensuring they maintain awareness.
As North puts it: “McAfee is very good at providing the advice, then helping you to act on that to make sure it gets done, then monitoring to make sure that your employees are following these policies so that, if your employee does something that’s risky, you get a notification.’
Watch the full Butterfly film or learn more about McAfee Business Protection now.