How to protect small enterprises from advanced attacks without spending a fortune
The time taken to detect a cybersecurity incident may impact the consequences of an attack. For example, according to our latest research, small and medium businesses (those with less than 1000 employees) that identified an issue right after it happened, suffered 17% less financial damage from a data leak than those that detected it a week or more after the attack.
The same survey found that only 10% of businesses in this segment managed to detect a breach immediately. So, how is it that businesses can overlook such a large issue?
Advanced attacks have become more affordable…
Cybercriminals are more likely to conduct advanced attacks when the cost of organizing it is lower than the potential revenue - for example, the amount of money received as a ransom for decrypting files or income from selling stolen sensitive data. That’s why sophisticated attacks usually target large enterprises – as there are more chances to hit the jackpot.
However, attacks against small and medium businesses have also become profitable. First, there is no need for malefactors to develop their own malware that evades detection by security solutions. They can just re-use the ‘best practices’ of their ‘peers’ – for example, by buying a necessary toolkit. Thus, advanced attacks on medium-sized businesses are worth the trouble as well.
Besides, cybercriminals may not use malware at all. They can misuse the legitimate functionality of an operating system or remote administration software to collect credentials or gain access to information without being noticed by endpoint prevention products. Our incident response team estimated that this kind of software was involved in almost a third of customers’ requests (30%).
Such threats are not only difficult to spot, but they ..
Support the originator by clicking the read the rest link below.
