Running a company in today’s business environment is highly challenging. From residual issues left over from COVID-19 to ongoing trade wars and supply chain disruptions, these challenges are even harder on small and medium-sized businesses (SMBs) due to their size and often limited resources.
In addition to these disruptions, nothing is as dangerous to businesses as the threat of cybersecurity breaches. Studies have shown that cybercriminals can penetrate up to 93% of all company networks. And alarmingly, only 50% of all SMBs have a cybersecurity plan.
To further put these statistics into perspective, here are some of the top cybersecurity threats facing businesses today.
Top 5 Threats in Cybersecurity
Weak passwords may be easier to remember than long, complex passwords, but they’re a significant threat. In 71% of companies, easily guessed or broken passwords are the main route into their network. This is especially true for SMBs where multiple cloud-based systems and overlapping or shared accounts are common.
Social engineering relies on people’s tendency to interact and provide the right information to the right people. This broad category includes many tricks to get users to divulge information by pretending to be coworkers, clients, customers, or vendors. Social engineering threats include:
- Pretexting – Impersonating a trusted source that targets feel is ok to share data with.
- Baiting – Physical media such as “free” flash drives and other devices that infect a system.
- Scareware – False alarms that make targets believe they’re at risk of attack.
- Phishing – Sending an email formatted to look as though it came from a legitimate source.
- Spear Phishing – Highly-focused phishing aimed at specific individuals or groups within a company.
Malware and Ransomware
Malware has been around for a long time. It’s installed to slow down processing speeds, delete data, steal information, and more. It’s the second most common threat to businesses. Ransomware has gained a lot of publicity lately and is a growing threat.
Ransomware locks data, so the owner cannot accept it in their system. The data owner must pay a “ransom” so the attacker will release the data. There is no guarantee the attacker will do so after receipt of funds, and even then, the likelihood is high that other programs like malware will be left behind.
Once attackers have gained access to a system, the company’s client list, contact information, financial data, and other sensitive data may be accessible. It’s also possible that database exposure can occur accidentally.
Companies are struggling to maintain pace with the latest cybersecurity threat mitigation, and losing a single update may expose them. Likewise, in many small businesses, even though a minimal layer of protection may be in place, SMBs often allow employees to add software or don’t police the practice, leaving a possibility for database exposure.
Man in the Middle Attacks
These attacks take advantage of the ease of use of internal communication channels. These channels are often third-party software with chat, video, and messaging functionality. By gaining control of the method of communication, the attacker can see all traffic on the network. That can lead to them acquiring other entry methods; they may steal passwords shared over the communication channel, sensitive marketing information, proprietary information such as drawings and sketches, or financial data sent as an attachment to a chat message.
Resources for New Businesses
Dealing with the day-to-day operations of managing a business and scaling for growth is hard enough. Many business owners find that while learning new skills for running their business, they have little time or no skillset to understand how to protect their business from cybersecurity threats.
The Henry Bernick Entrepreneurship Centre (HBEC) at Georgian College provides mentorship, guidance, connections, and other services for new and growing businesses. Our programs help entrepreneurs look at their business holistically and plan for their unique reality. We can help you understand the threats your company will face and how to respond to them.
Contact us today to see how our programs can help you plan for inevitable cybersecurity concerns.