Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


12:00 PM
Connect Directly

Midsize Businesses Prove Easy Attack Targets

Basic security practices could protect small- to midsized businesses from cybercriminals looking for low-risk, high-reward targets.

The greatest security threats aren't necessarily the most complex. Basic attacks pose the greatest risk to small- and midsized businesses (SMBs) as attackers realize they don't need advanced methods to exploit victims.

This is one of the findings in the 2016 Midmarket Threat Summary Report from the eSentire Security Operations Center (SOC), which detected nearly 5 million attacks across multiple industries. It found SMBs are often victims of cybercriminals seeking low-risk, high-reward targets.

"What we're seeing from the data, the majority of attacks are not sophisticated," says Viktors Engelbrehts, director of threat intelligence at eSentire. "They are really basic, and [attackers] are using basic tools as a means to achieve objectives."

The most frequent threat categories were intrusion attempts, information gathering, and policy violations, which collectively represented 63% of all observed attacks. Intrusions, primarily web attacks, marked the top threat category at nearly 30% of all events.

"It's the most logical entry point apart from users," says Engelbrehts of web intrusions, where attackers have recognized the benefit of a larger attack surface. "It's always easy because you have millions of web applications with poor security controls."

Cybercriminals don't need to use sophisticated malicious code attacks when methods like ransomware can successfully exploit "low-hanging fruit" and web applications are written without security in mind. Only 12% of detected attacks involved malicious code, indicating a growing preference for inexpensive and automated strategies.

Interestingly, this research discovered timing may also affect whether or not your organization is breached. "Seasonal correlation was a surprise," admits Engelbrehts. Attacks rose between March and April, fell in June and July, and picked up again in September and October.

While he could not give a definitive reason for this, Engelbrehts noted there are several factors that could affect timing of attacks. Announcements about a breach, or the prosecution or indictment of cyberattackers, could influence activity.

Rudimentary attacks are expected to remain a threat so long as these techniques are effective. The problem is, cybercriminals know where they're mostly likely to find success -- and their top targets don't know how to defend themselves.

"Unfortunately, security is not generally a strong side," says Engelbrehts of SMBs. "Traditional small businesses don't have resources, don't have personnel, don't have expertise."

Large corporations have been targeted, and many have been breached, for years and can afford the right security measures. Major banks may prove attractive targets but might also require attackers to procure a tremendous amount of resources to be successful.

Businesses that fail to implement basic security best practices will continue to be vulnerable.

Many organizations, driven by a combination of hype and fear, have tried to solve security problems by "checking boxes" in recent years, says Engelbrehts. This tactic provides temporary relief but doesn't work in the long term without a strong foundation.

The answer is in basic security hygiene, he explains. If you're using web servers and web applications, check to ensure you're running the latest version. Realize passwords are guessable and don't use weak or default credentials. Enable two-factor authentication where possible.

"The majority of attacks could have been prevented by applying common best practices," he emphasizes. "That's the key message here."

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/22/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-05-24
ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c.
PUBLISHED: 2020-05-24
ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c.
PUBLISHED: 2020-05-24
ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c.
PUBLISHED: 2020-05-24
Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php hidden parameter.
PUBLISHED: 2020-05-24
SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c.