Technology is notorious for change. Updates solve problems and innovations create solutions. As we continue to respond to cyberattacks and guide small to medium-sized businesses (SMBs) to safer shores, we ironically see old problems persist. In order to address the challenges facing SMBs in 2021, we need to address both new and old, both human error and technical shortcomings.
Old problem – Communication
A surprisingly human problem that cyber attackers can often exploit is that of communication within an organization. Oftentimes within the four walls of an SMB, cybersecurity is seen as an expense rather than an asset, let alone a priority. IT teams find themselves limited by resources, time, teammates, and the everyday operational tasks of the business, leaving little time for active defense against a constant stream of cyberattacks. If executive decisions don’t support the needs of IT, security falls by the wayside and attacks have major consequences. Without clear communication between these teams, knowledge transfer is impossible and potential incidents become even more chaotic and confusing than they already are.
Old problem – Deception
Another “human” problem is that of deception — a threat to an organization’s security since the dawn of time. Even with robust technical safeguards or the latest security solutions, humans behind the screen are often easier to trick, and often allow attackers into networks themselves. Whether via a convincing phishing email, a phone call, or even a persuasive story in person, attackers test every barrier to entry they can find.
Old problem — Going back to basics
The ransomware cases we respond to and investigate daily share a recurring theme: there are simple, and oftentimes inexpensive, preventative measures that can be taken before disaster strikes. No matter how technically complicated an investigation becomes as it unfolds, the cause of the incident (the root point of compromise) often stems from something simple. The top five causes of most of the ransomware cases we see in 2021 come from services and systems open to the public internet, faulty account protections, and unsecured email configurations. To cover the basics, here’s what we recommend:
- Keep external systems well-protected and updated, and keep as few services available on the public internet as possible
- Protect accounts with Multi-Factor Authentication and a password manager
- Protect email accounts with gateways that scan attachments before they reach a user’s inbox
Old Problem — Prioritization of insurance
A huge problem we see with SMBs is a lack of cyber insurance, or at least not enough of it. It’s not uncommon for businesses to purchase coverage for what they consider to be the “most likely” scenario rather than the “worst-case” scenario; it’s also not uncommon for a business to simply purchase the minimum amount of coverage required for a specific contract, and not a dollar more. The most likely scenario when considering “good enough” coverage could be a ransomware attack that requires a few hundred thousand dollars to remediate, but insurance of your critical infrastructure shouldn’t be viewed in terms of “good enough.” If you’re insuring a house, you want coverage not just for small kitchen fires, but also in case the whole place burns down. When cyberattacks happen, they can go from “common case” to “worst-case” quickly, and for insurance to truly be the backstop executives believe it should be, it needs to contemplate both sets of circumstances.
New problem — Opportunity
One problem that emerged recently (within the past few years) comes from the attackers themselves. Their tactics have changed drastically since the days of targeting only large companies, armed with hand-crafted malware, motivated by money and perhaps personal vendettas. Today’s attackers unfortunately have a lot more to work with and require a lot less skill to execute attacks than what’s been needed in the past. Ransomware as a Service (RaaS) has revolutionized the cybercrime “industry” by providing ready-made malware and even a commission-based structure for threat actors who successfully extort a company. Armed with an effective ransomware starter pack, attackers cast a much wider net and make nearly every company a target of opportunity.
New Problem — Automated scanning
One of the most common misconceptions related to cyberattacks is that cybercriminals operate by targeting individual companies. While that may still happen to the biggest companies, for SMBs, the cybercriminals are most often targeting an organization’s vulnerabilities, not the company itself. Cybercriminals often use scanning tools to find any computer in a certain area that has a vulnerability that they know how to exploit. After performing this scan, they may have a list of hundreds, or thousands, of computers that have this vulnerability. Then, one by one, they’ll exploit those vulnerabilities. Only after they’ve exploited that vulnerability and gained access to the network will they find out whose network they’ve actually compromised.
New Problem — Automated extortions
According to threat intel compiled by Tetra Defense in May of 2021, a dangerous new tactic being used in the wild is that of automated extortion. Ransomware continues to operate as an organized “business,” with new attackers by the names of “PayOrGrief” and “MOTOCOS” carrying out the operation by entering a network, often encrypting and/or stealing data, and threatening to post said data as leverage for a ransom. These two threat actors take an extra step by utilizing automation: PayOrGrief continuously posts data to a leak website and MOTOCOS claims to have a bot handle everything from sample file decryption to payment. This takes the ransomware “starter pack” to the next level by facilitating payments and essentially automating one of the most lucrative cybercrimes.
New Problem — Cybersecurity education at large
The two greatest challenges in modern cybersecurity are the rapidly shifting landscape and the dearth of qualified experts. Despite this rapidly growing industry and the endless demand for new people, cybersecurity struggles to educate candidates due to high barriers to entry. High costs, a plethora of certificates, and time commitments are challenges that continue to hamper cybersecurity training in 2021. To face these challenges head-on within Tetra’s four virtual walls, we’re creating TetraU to actively train our new candidates in both short-term skills (the technical aspects of cybersecurity that are subject to regular changes and updates) and professional skills (the evergreen communication and management skills to support candidates through their entire career).
Looking Ahead
We can expect these problems, both new and old, both human and technical, to persist well beyond 2021. No cybersecurity solution is 100% foolproof, but as long as organizations educate their users and their IT teammates and maintain a healthy amount of skepticism, many problems are solved, and better yet, potential attacks are thwarted.