Cyber threats are real and the business warnings are commonsensical, mundane and even simple – but so very important. Be aware! Don’t assume! Be pro-active!
It happens in Edmonton, and it happens around the world. Contrary to popular business denial myth, size does not matter. It happens to companies, organizations and institutions and it definitely happens to businesses of all sizes, big and small.
North American reports and surveys show that cybercrime is up by a staggering 600 per cent! A lot of the blame is still pointed at the pandemic; the rage popularity of working by remote and tech options like Zoom. More than half a million Zoom user accounts have been compromised and sold on the dark web.
“Some hacking groups do target specific, major enterprise, government agencies and institutions like hospitals, but there’s no doubt about it, small and medium businesses (SMBs) are absolutely under attack,” warns Vince Phillips, president and CEO of Edmonton’s popular and respected Foresight for IT. “There’s a plethora of attacks that target vulnerabilities in software and web browsers, and the attacks are not focused on business size, economy nor country. They are about volume.”
He underscores the urgent and real problem, especially for SMBs: denial, assuming and even procrastination.
It’s indisputable, from the high-profile cyber attacks in the news and, more importantly, the smaller and closer-to-home attacks and breaches which never make the news, cyber threats are business’ most dreaded contemporary risk.
Cybercriminals get better and more sophisticated every day, getting illegal access to electronic data stored on a company’s computer or network. The attacks target businesses, individuals, groups, organizations and institutions like hospital and even government agencies. They disrupt or take control of an entire computing infrastructure, interfere with data integrity, steal controlled information, inflict reputational damage and even weaken a country’s services and safety.
Understanding how and why cyber attacks happen is good business. Being prepared and doing something about it is critical business.
Of course, there’s a lot of techspeak involved but, the most common cyber risks and threats for businesses are as follows:
- Phishing is a cybercrime usually in an email, telephone or text message to lure individuals into providing sensitive personal or company data such as identifiable information, sales and customer files, banking and credit card details, passwords and more.
- Malware is malicious software that cybercriminals insert into a company’s web pages or web files after they’ve penetrated the business’ site to steal sensitive corporate data, including customers’ personal information.
- Viruses are malicious software attached to a document that supports macros to execute its code and spread from host to host and lays dormant until the document is opened and in use and then causes significant operational issues and data loss.
- Worms are rapidly replicating malicious software that spreads to any device within a network and can severely disrupt the operations of a device and cause data loss.
- Trojan viruses are usually disguised as a helpful program that can gain access to sensitive data and then modify, block or delete it once downloaded.
- Spyware is software that runs secretly on a computer and reports back to a remote user, often about sensitive information such as stolen financial or personal data.
- Adware collects data on computer usage and provides appropriate advertisements to the user of the infected device, redirecting browsers to unsafe sites and causing system slowdowns.
- Ransomware infects a computer and restricts users’ access to it until a ransom is paid to unlock it.
Beyond denial or wishful-thinking assumptions, just do it may be the ultimate (and urgent) call to action, especially for small businesses.
“The best thing a business can do is be aware of the types of threats through employee cyber security training and simulations,” Phillips says. “Ensure the business has the proper protections including monitoring, detection, and response provided by professionals.”
Edmonton cybersecurity experts cringe about the frequent SMB denials and risky assumptions that the business is too small and relatively insignificant to be a cyber attack target.
“Innocent ignorance makes Edmonton SMBs susceptible,” he points out. “Most cyber attacks on SMBs’ are crimes of opportunity. Hackers target the low hanging fruit and small businesses often think that hackers wouldn’t be interested in them because they are small, or they believe that just because they have never experienced a cyber crime event, they never will. So, the business chooses to do nothing.”
It is already a cyber threat cliché that small and mid-size businesses, which sometimes consider themselves little fish in the big pond, are not vulnerable. Trends and stats undisputably show that they are!
“It’s popular avoidance and denial, that cybercriminals only go after the whales, the big companies,” explains Edmonton’s Mike Schoenberger, the tech-savvy CEO of Sunco, a leading Canadian communication systems integrator keeping people and businesses across the country connected to each other. “The other business cyber myth is ‘I don’t care if they get my information. I have nothing to hide. What could they do with it? I’m a small blah blah blah business.’
“The reality is that the whales became better at protecting themselves, and in the last two years or so, cybercriminals are focusing on SMBs. It is why small businesses must pay attention more than ever.”
Respected Edmonton cybersecurity experts like Phillips and Schoenberger agree. Today, “doing something” (vs. thinking about it or ignoring it) is more important than ever.
Despite the complex details and tech-speak, for many SMBs, some simple, down-to-earth business factors like denial and employees are urgent problems. Accepting that cyber attacks happen to businesses and organizations of all sizes is a key culprit about denial and avoidance. As Schoenberger points out, “Involving and training staff is crucial. The number one cyber threat risk to every organization, especially small and midsize businesses, is its people.”
Case files and incident summaries show that, whether it is phishing or other business hack attacks, the majority of breaches are caused by employees.
“The company can invest in all the best technology and all the best two-factor authentication and more, but employees leave the door wide open for the attackers by unknowingly clicking on something and then, ‘Oops, I shouldn’t have clicked on that’ happens.”
Phillips emphasizes the best cyber risk management a business can undertake, “Be aware of the types of threats through employee cyber security training and simulations. It’s important not to reprimand an employee for falling victim to a cyber attack. Employees should be encouraged, not reluctant, about openly reporting attacks as soon as they think they responded or clicked on something in an e-mail that they shouldn’t have or if they suspect something has happened.”
Understandably, the case files and specific incidents of business cyber attacks are delicate, sensitive and confidential. They can also be learning lessons.
A business reached out to Foresight for IT when it was under an active attack.
“Their network was breached, files corrupted and the attackers were using the client’s computers to stage bigger attacks on other unsuspecting businesses, ‘hiding’ behind the business undetected for quite some time. Foresight for IT was brought in to work with authorities to identify the hacker’s entry point and their source, so that it could be traced back. We then followed our standard incident response process to contain and eradicate the threat. The business is now a long-time and loyal client and has not had a breach since,” Phillips says with a gratified smile.
