[BreachExchange] Today's Top 10 Security Risks for SMBs

Audrey McNeil audrey at riskbasedsecurity.com
Mon Oct 23 20:45:28 EDT 2017


http://www.foxbusiness.com/features/2017/10/23/todays-top-10-security-risks-for-smbs.html

There was more data leaked in the first half of 2017 than in all of 2016
combined. The past few months alone have seen the recent KRACK Wi-Fi
vulnerability, malware hidden in Windows cleanup tool CCleaner, and of
course the Equifax breach that put the sensitive information of essentially
every adult in the U.S. at risk of illicit sale and identity theft. When it
comes to securing your network, software, and data from potential
attackers, small to midsize businesses (SMBs) have a lot to worry about.

Security for increasingly mobile and online-focused businesses is a
multifaceted beast to wrangle, and doubly so for SMBs that lack the
dedicated security staff and expertise a larger enterprise can afford. Yet,
SMBs also can't let a lack of resources paralyze their technology
initiatives or they risk losing out to the competition. While it might be
daunting to navigate the security landscape without an in-house expert, IT
admins tasked with protecting their SMB can get the job done by paying
particular attention to securing endpoints, encrypting file transfers, and
managing employee devices and permissions. Though, when faced with the
prospect of stymieing an ever-evolving array of attacks and malware,
business security is like a Rubik's Cube that keeps adding sides.

For SMBs, security risks exist both inside and outside the firewall. The
burden falls on both IT managers and business users to avoid compromising
security practices, and to remain wary of and proactive about common
external threats. The following are 10 of the most pressing security risks
SMBs face today, and the steps you can take to best mitigate them.

1. The Pitfalls of BYOD
Mobile device management (MDM) is difficult enough when overseeing data
access and permissions on company hardware. But when employees start
bringing in personal smartphones and tablets under a bring-your-own-device
(BYOD) policy, admin oversight grows exponentially more convoluted. Android
and iOS devices now almost all include enterprise mobility management (EMM)
capabilities around app installation, configuration, and permissions. But
employees and managers should still remain just as vigilant with proper
security practices to accommodate for the element of unpredictable risks
mobile devices bring with them. These risks can include anything from a
stray device compromising a company's virtual private network (VPN) to a
simple scenario in which an employee leaves their unlocked iPhone in a taxi.

The most efficient way of wrangling employee devices is to use a
centralized security console to manage BYOD policies of Android and iOS
devices in one place. These tools also include remote-locking and location
mechanisms to prevent data compromise on lost or stolen devices. Beyond the
security solution, though, your SMB's BYOD policy should be clear and
comprehensive. That is, employees should know what types of data they
should and shouldn't store on mobile devices, be required to set up
two-factor authentication (or biometric authentication) if the hardware
supports it, and set the bar high when it comes to using complex passwords.

2. Voice Recognition Exploits
Siri, Cortana, Alexa, Google Now, and the cadre of other virtual assistants
are ingrained in how users interact with mobile devices today. Addressing
business concerns over BYOD, security researchers have discovered a way for
hackers to remotely control an iOS or Android device through its voice
recognition services without saying a word. If an iPhone or Android phone
has Siri or Google Now enabled, hackers can use electromagnetic radio waves
to trigger voice commands using a technique called remote voice command
injection. For SMBs, it's another attack vector through which
organizational data can be compromised regardless of whether or not a work
or personal profile is loaded on the device.

The good news is that a comprehensive MDM solution will notice if the
remote command triggers any sensitive data downloads and, with a quick
verification ping to the device to determine whether or not the user is
authorized, the IT admin can lock the device down.

3. Cloud-Connected Incursions
We're past the point where cloud platforms are too new or not yet
established enough for SMBs to invest in them. It's nearly impossible for
an Internet-dependent SMB to survive today without a reliable cloud
platform for customers to access from wherever they are and on whatever
device they're using—be it a managed private cloud deployment or a public
cloud platform such as Amazon Web Services (AWS) or Microsoft Azure. That
said, cloud-based, brute-force, and distributed denial-of-service (DDoS)
attacks are a significant and pervasive threat that can result in
countless, high-profile data breaches. Even AWS isn't immune; the cloud
platform suffered a major outage back in March due to a typo.

The most integral form of protection is end-to-end encryption. There is no
surefire level of encryption but Advanced Encryption Standard (AES) 256 is
a generally accepted standard. Even if your business data is housed within
a secure virtualized environment such as AWS, don't rely on the public
cloud provider alone. A physical and virtual endpoint security solution
that layers an additional level of encryption (while scanning for zero-day
threats and other attacks) is a worthwhile security investment to hedge
your cloud bet.

4. Endpoint Shooting Gallery
While more and more business assets and sensitive data are now hosted in
public, private, and hybrid clouds, don't sleep on protecting the physical
endpoints at which your organization may be vulnerable. Endpoints can mean
anything from on-premises workstations and servers to the corporate
networks that connect physical or virtual servers to mobile and embedded
devices. Through even the smallest opening, hackers and malware can target
employee and customer accounting and financial information, company payroll
data, or intellectual property (IP) information regarding critical
projects and products core to your business success. To shore up those
endpoints, there are a number of worthy software-as-a-service (SaaS)
endpoint security solutions available. SMBs should look for a service that
can protect all relevant physical machines and operating systems (OSes)
across Linux, Mac, and Windows, and one with the redundancy and
scalability to eliminate single points of failure.

5. Fortify the Firewall
You know what's better than one firewall? Multiple, interlocking firewalls.
Even in a more cloud-based and encryption-focused security landscape,
firewalls are still an organization's most important line of defense to
prevent malicious attacks. SMBs should deploy secure infrastructure with
numerous levels and redundant systems, including a two-way firewall and
interconnected intrusion detection systems (IDS) to monitor their network
for suspicious activity, both inside and outside the firewall.

6. All Kinds of Phishing
On average, your customers use far less careful security practices than
your SMB and employees do. Therefore, it's a lot easier for hackers to
infiltrate your infrastructure through your customers; more specifically,
the one transaction that's always present in your relationship: payment.

Online banking and payment services are a prime target of malware and
phishing campaigns, and a data breach could have ripple effects, not only
for the customers and bank but for your business financials as well. Before
hooking into a service, your SMB should vet each third-party banking and
payments service, but it can't be responsible for monitoring every single
one.

We've also seen sophisticated phishing scams hit Gmail and Google Docs this
year, so don't assume that the apps your business uses every day don't
present a degree of danger if you're not careful what you click. Be aware
of spear-phishing attacks as well, in which customer support emails ask you
to change credentials or are sent via fake email addresses to businesses
asking for highly personal customer or employee data. The security service
you choose should include a global threat intelligence network that uses
continuous process monitoring and automated malware detection to mitigate
and control any breaches that spill over into your system.

7. Intruder Quarantine
If a particularly enterprising attacker does manage to get past your SMB's
firewalls and through your advanced endpoint encryption, the most effective
course of action is to triage the compromised files and cut off their air
supply. Your business security solution should be well-stocked with local
and remote quarantine management for both on-premises servers and cloud
storage. If an IT security manager is ready with his or her finger on the
big red button, you can easily jettison the breached compartments on your
SMB train and continue chugging along.

8. PUAs for All
Potentially Unwanted Applications (PUAs), also known as Potentially
Unwanted Programs (PUPs) or adware, are a particularly nefarious form of
malicious file, and they're no longer confined to just PCs. PUAs (and
malware in general) are on a steady rise on Macs, so SMBs running entirely
on Apple products aren't immune from the malicious third-party downloads on
which adware thrives.

While PUAs aren't as critical a security vulnerability as other types of
malware, the ad pop-ups divert attention away from the user flow your site
intended and, in bulk, that can impact revenue. PUAs are also a nuisance to
get rid of, and can take several tries using free adware removal tools or
Mac and PC troubleshooting steps to finally eviscerate. To save your SMB
the trouble, the security solution your SMB deploys should include PUA
detection and remediation tools as part of its malware detection suite.
PUAs are the bedbugs of malware so be sure to invest in a high-quality
mattress protector.

9. A Crypto Ransomware Hostage Crisis
Crypto ransomware has been ravaging Android users for some time. The
ransomware locks devices with randomly generated encryption keys, and
extorts the users for larger and larger sums. Crypto ransomware is growing
more pervasive in complexity and sheer maliciousness, but the bigger
problem is that newer strains have begun targeting SMBs. WannaCry attacked
hundreds of thousands of PCs earlier this year, and Petya spread to 65
countries this summer. New ransomware strains emerge every day.

Crypto ransomware is extremely difficult to remove once a system is
compromised, but SMBs can install so-called "vaccines" that act as an extra
software layer of protection that works in tandem with existing security
infrastructure to "immunize" systems against particular types of encrypted
file attacks. Look into comprehensive ransomware protection software and
know how to protect and recover should your business ever be targeted or
infiltrated by ransomware.

10. The Internet of Vulnerabilities
The potential of the Internet of Things (IoT) is about far more than
connecting all of the appliances in a consumer's kitchen or living room to
their smartphones or IoT-connected thermostat. For SMBs, the IoT represents
a massive network of connected office and industrial machines, embedded
devices, and connected hardware and software around business operations
(such as manufacturing, shipping, and warehouse management). The biggest
catch with IoT—and the one giving SMBs pause—is its significantly increased
vulnerability to cyberattacks.

The IoT will be a part of your SMB going forward, but deploying this sort
of connected device and machine network shouldn't be done without a
holistic IoT security service in place to make sure your IoT network is
business-ready. Every aspect of traditional infrastructure security—from
firewalls and encryption to antimalware detectors and centralized
management—should be in place and operational before an IoT network ever
goes live. The IoT introduces countless more endpoints for an SMB to keep
secure and make sure each is encrypted and monitored.