As data and connectivity increasingly drive many business sectors, more organizations are finding themselves at risk of becoming victims of cybercrime. (Shutterstock)
With defenses down, attackers pounce
Attackers are frequently turning their sights to mid-market organizations because they're seen as easy targets. While these companies typically have sizable assets and valuable information to exploit, they often lack the sophisticated security apparatus of Fortune 1000s. A recent report by Malwarebytes surveyed security professionals at 900 mid-market organizations and found that 73% were hit with some type of security threat in the past 12 months. As a percentage of revenues, smaller organizations are often hit with much bigger losses than large companies. According to Accenture, the average cost of cybercrime over a three year period for a mid-market company can top $5 million. These attacks can also lead to brand damages, diminished trust by customers, lawsuits and more. |
Network attack strategies expand
For the mid-market in particular, the rise of the remote worker and the increase in popularity of Bring Your Own Device (BYOD) policies have unintentionally propagated network risks. With Wi-Fi readily available in restaurants, coffee shops, hotels, airports, office buildings and even parks, attackers have prioritized public locations in which high-value workers are always in need of an internet connection. This strategy has led attackers to deploy a variety of network-enabled hacking techniques to gain access to credentials for data exfiltration and as a means to inject malware and ransomware. Mitigating such risks starts by knowing how attackers penetrate devices through public networks. Here are some of the most commonly-used attack techniques. |
Common sense prevention
There is no shortage of network-based threats plaguing mid-market companies, which is why it is so important for these businesses to invest more in their cybersecurity and create plans that can better address and mitigate risk. Fortunately, there are several measures that can help. First, organizations must implement stronger and more effective policies regarding the use of employee-owned devices for work-related activities. While BYOD and 'work from anywhere' strategies have enabled organizations new levels of productivity and efficiency, they often reduce the control organizations have over external network connections. Mid-market organizations should also ensure that employees are readily updating their firmware, using standardized software, and are participating in education and training on best cybersecurity practices. Another means to enhance security is to improve access control. While popular cloud services such as G-Suite, Office365, Dropbox and Salesforce offer some security, none of these technologies are fool-proof and all are vulnerable to malware, phishing and other attacks. Finally, consolidating and simplifying a security strategy (if one does actually exist) can go a long way in enhancing organizational protection. There are now platforms designed from the ground up with all the security needed, eliminating the historic burdens of heavy implementation, manual monitoring and intervention that can offer end-to-end protection. There are also managed security service providers (MSSPs) that can serve as an outsourced security operations center (SOC). Network vulnerabilities are poised to remain problematic for the foreseeable future, as ubiquitous internet connectivity expands the attack surface even further and remote work continues to increase. As such, mid-sized companies must take network threats more seriously. They simply cannot recover from an incident with the ease and continuity that a Fortune 1000 can. Dror Liwer ([email protected]) is the co-founder and CISO of Coronet, a data breach protection provider for companies that use the cloud. See also: Top 10 writers of cybersecurity insurance
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
