BugBountywriteupcybersecurityhackingpenetration-testingsecuritysmall-businesssmb

Myth: Small or Medium-Sized Businesses Have Nothing of Value to An Attacker

Become a Patron!

This is the second part of the series “Three Fundamental Security Myths in Cyber Security Domain and Reasons for Being Vulnerable”.

Myth1: Header

Many small businesses assume they have nothing useful to an attacker in order that they are unlikely to be a target and assume that attackers only target large businesses largely however the terribly opposite is that the reality. Many people say this repeatedly “we don’t have anything of value to an attacker, so would they attack us?” question thus usually that it drives me bananas.

Small organizations are really excellent targets for attacks as a result of they have weak defenses in order that they are simply compromised.

According to Verizon’s 2019 Data Breach Investigations Report (DBIR)[1], small and medium-sized businesses accounted for 43% of cyberattacks. A 2016 Government report confirms that 74% of small and medium-sized businesses (SMBs) reported a security breach which solely 7% of small businesses to expect information security spend to increase within the next year. According to a US justice.gov survey[2] “More than 4,000 ransomware attacks have occurred every day since the beginning of 2016. That is a 300% of increment over 2015, where 1,000 ransomware attacks were seen per day.”

Ransomware is that the weapon of option to attack small businesses indiscriminately, victimization it to encode the victim systems and files. only if a ransom is paid are the files unencrypted.

All small businesses have one thing useful to themselves and it’s their own files and systems, which might be held for ransom.

Ransomware affects each SMBs and individuals alike. The attackers are currently craft the number of cash demanded. they are doing not ask for an outsized sum from victims they understand cannot pay. To unencrypt the files, they ask for a sum of cash that’s significant, however “acceptable” to the victim.

In the case of an individual, it’d be $100. For a small organization, maybe $500 is enough to form a pleasant financial gain for the attackers and small enough that their victims are seemingly to pay.

Using ransomware to attack soft targets like small to medium-sized businesses have become additional and more prevailing. thus, not solely is this a myth, it’s a particularly dangerous myth to believe and also the one that’s ordinarily held by management.

References

[1] “Verizon: 2019 Data Breach Investigations Report,” Comput. Fraud Secur., vol. 2019, no. 6, p. 4, 2019.
[2] United States Goverment, “How to Protecting Your Networks from Ransomware,” pp. 2–8, 2016

Follow Infosec Write-ups for more such awesome write-ups.

InfoSec Write-ups


Myth: Small or Medium-Sized Businesses Have Nothing of Value to An Attacker was originally published in InfoSec Write-ups on Medium, where people are continuing the conversation by highlighting and responding to this story.

Myth: Small or Medium-Sized Businesses Have Nothing of Value to An Attacker
InfoSec Write-ups – Medium
Source link




Tags
Show More

Leave a Reply

Back to top button
Close