Security headlines continue to focus on high-profile breaches of Fortune-ranked enterprises. But there is a second story being ignored. Cybercrime syndicates are also targeting, attacking and breaching small, medium and even micro organizations in greater and greater numbers. Multiple industry studies support this claim, including ones from Cisco and Ponemon.
Why exactly are these organizations being targeted, what are the attacks to defend against and how can these organizations start to defend themselves?
Fast Money With Lower Entry Barriers
Midsize organizations are relatively easy targets. Like enterprises, they are rapidly evolving. They have adopted the cloud and development and operations teams, and they have digitized all their valuable assets. But compared to enterprises, midsize organizations have smaller cybersecurity teams, lower organizational security awareness and fewer critical systems to infect —making them easier to breach and ransom. While cybercriminals still see larger enterprises as higher-value targets, midsize organizations have transformed themselves into low-hanging fruit that cybercrime syndicates are happy to snag. Midsize organizations keep the cash flow for cybercrime syndicates going while they try to earn high payoffs with large enterprise compromise.
Midsize organizations also offer easy entry points into the larger enterprises they service. In many high-profile, large-scale breaches — including the breaches of Target, OPM, Best Buy, Sears and UMG — cybercriminals first compromised their smaller third-party providers and used them to open backdoors into the real target. Large enterprises are taking notice and have begun to demand a high level of cybersecurity maturity from their third-party service providers.
The Evolution Of New Low-Cost Attacks
Attack technologies have evolved. In the past, cyberattacks were relatively resource-intensive, so criminals had to focus their limited resources on large, high-value organizations. However, cybercriminals can now use automated, scalable, on-demand attack infrastructures to quickly launch many sophisticated attacks against a high volume of targets. And smaller organizations are getting caught in this new spray-and-pray approach.
This will only get worse. Every year, cybercriminals will find it easier to launch attacks against many mid-size organizations, use their initial victims and deepen their compromise. And this problem is poised to explode due to artificial intelligence (AI). Cybercrime syndicates have already begun to experiment with AI-driven attack tools. These AI-driven hacking tools will continue to increase the speed and sophistication of cyber threats and only widen the asymmetry between attackers and defenders.
Compromised Machines: Artillery For Future Attacks
Cybercrime syndicates are harvesting small-to-midsize business (SMB) endpoints, converting them into weapons and using them to deploy larger attacks. Most endpoints — including PCs, laptops and mobile devices — are underutilized. Cybercriminals have learned how to compromise these endpoints, run backdoors on them to execute attacks and effectively create a large-scale distributed computing infrastructure to launch their campaigns. They are using thousands of compromised systems to launch smothering DDOS attacks on larger enterprises. They are compromising the email accounts of midsize organizations to bypass spam filters and produce short, effective bursts of phishing emails.
How Can Midsize Organizations Stay Safe?
Cybercrime syndicates will continue to innovate their techniques and scale their attack infrastructure. In fact, with the evolution of AI-driven attacks tools, compromising systems might be a simple voice command away for the attacker. Mid-market businesses will need to focus on the most-used threats because of their limited resources. Luckily, the 80-20 rule applies here, where the large majority of security problems stem from the following handful of threats.
Most mid-size organizations have not implemented mature controls and robust user education programs to prevent phishing attacks, making them high-converting targets for phishing attacks. To get up to speed, midsize organizations need to focus on end-user awareness, strong email gateway security, two-factor authentication (2FA) for authentication and monitoring controls.
Malware attacks are more successful against midsize organizations, as they have smaller and simpler networks, and it takes attackers less time to reach organization crown jewels. In fact, according to a report from Verizon, 58% of malware victims are small organizations. As such, midsize organizations need to focus on detecting malware with good endpoint security, detecting lateral movement of attackers with analytics and rapidly containing successful breaches.
Cloud Console And Storage Attacks
As midsize organizations rush to get their cloud-based infrastructure into production, they often fail to realize that on-premise security mindset does not work in the cloud. Take, for example, storage security in the cloud. Small, inadvertent changes in the cloud can produce global high-impact data loss. Many organizations have suffered data exposure, due to Amazon Web Services S3 buckets being configured for public access.
Cybercrime syndicates are actively taking control of organizations by compromising their cloud consoles to steal data and demand ransom. These attacks are not new. Way back in 2014, Code Spaces completely shut downdue to console takeover. But today, automation is making these attacks faster and more common.
To protect against them, midsize organizations should tighten console access with 2FA, establish tighter role permissions and monitor different cloud components stringently. Simply put, a combination of weak console and storage permissions can prove fatal for any midsize organization.
Web Application Attacks
Web applications have been a weak link traditionally. With the current innovation wave incorporating microservices, containers and federated access — it has become more complex to secure.
Right now, the top web application attacks include SQL injection, cross-site scripting and parameter manipulation. This means mid-size organizations need to focus on building robust web application firewall (WAF) protection, continuously monitor all attack events on their web applications and, of course, ensure secure coding as part of their development, security and operations program.
Of course, it is not an asymmetric game in favor of cybercriminals. Artificial intelligence is part of many cybersecurity tools today, making it easier to detect and respond to these emerging scenarios.