Most of the time, large enterprises grabs the media attention when they are hit by cybercrime. And, this is a sad but true fact that most cyber-attacks which happened last year targeted small enterprises with less than 250 employees. Cybercrime is growing day-by-day and unfortunately it’s a huge business. It is being projected that by 2021 it will cost the world about 6 trillion dollars. As a small business owner, you might have a lot of responsibilities on your shoulders but you can’t take cyber-attack for granted. Specifically, if you are operating majority of your business online.
Let’s have a look at some shocking cybercrime statistics in 2019
- According to Verizon report “2019 data breach investigations report” nearly 43% of cyber-attacks target small businesses.
- “Verizon” report also mentioned the methods which cyber criminals are using to commit the cybercrime. So, almost 52% breaches are coming through hacking, 33% from social attacks, 28% from malware and 15% from misusing the authorized file.
- As per “Jupiter research” report, cost of data breach the end of 2019 is estimated to be $2 trillion.
- Cyber-attacks hiked from 40% in 2018 to 55% in 2019.
- As per Symantec’s “2019 internet security threat report”, out of 323 mails 1 mail is found to be malicious.
- Education Industry reported 670 cases since 2016 of cyber-attack, as per “K-12 cyber incident map”.
- Cyber security ventures” predicts that in every 14 seconds there will be a Ransomware attacks in 2019
There are many faces of cyber-attack and each one of them can harm your small scale business in different ways. So let’s read some of the biggest threats to your business.
From the last few years, Ransomware has become a huge threat not just for small enterprises but also for medium and large scale enterprises. You might not have face it until now, but you must have heard of it. Ransomware is a type of malware from cryptovirology (a field that studies on cryptography for making malicious software) in which your personal/professional computer or any other electronic device is locked typically by encryption. You have no access to your data and personal files. In this case, your data is just like a hostage. Hackers can access or hold your data for as much time as they want and as the name suggests you have to pay the ransom to get it release. In this dilemma, the user has to choose between losing data and paying ransom.
Some symptoms of Ransomware attack:
- Some of your files won’t open.
- Missing files from your database which existed a short while back.
- Locked computer.
- Locked web browser.
- Encrypted files.
- Malicious mails.
After Ransomware, phishing is considered as a huge threat to small businesses. Every enterprise these days rely on emails just like yours and hackers have made email a deadly weapon against your business. The entire attempt of phishing is to gain information related to your credentials or any other confidential information.
Phishing attack starts with an email and the purpose of that email is to make the recipient believe that the message is related to their want or need. Once you open that email and click on the malicious link, automatically a malware gets installed in your system.
These emails are designed in such ways that anyone can trust them and have curiosity to open them. Phishing attacks can also be in form of instant and text message. These are some old practices from the 1990’s but are enough potent even today.
Some symptoms of phishing attack:
- Email from the foreigner, asking for money so they can travel back home.
- Email from well reputed news organization with half a content of breaking news story and asking you to click “Read More” for full story.
- Email from government agencies asking you to check your bank deposit and insurance coverage immediately by clicking malicious link.
- Email about some complaint which has been registered. Though you hadn’t registered any complaint.
MITM occurs when a hacker attacks on your communication and network servers. MITM is considered as a clean and a smooth attack. Now suppose, you had a telephonic conversation with your client and that conversation is completely sensitive and private.
After the call, you received an email which claims it will leak your sensitive info, which you just shared. In these attacks, hackers can hack your reliable and trustworthy networking channels. That’s why this attack is known as Man-In-The-Middle-Attack
The typical targets of these attacks are financial enterprises, SaaS businesses and e-commerce sites. Information in these attacks could be used for multi-purpose role from unapproved fund transfer to changing your password.
Some symptoms of MITM attack:
- Popups on your browser screen asking for credentials.
- Open or public wi-fi network with a strange name.
- Twin network with almost similar name (Joe’s Pizza WI-fI and Joe’s Pizza WI-FIJOIN)
- Fake updates for software.
- Error messages.
An unintentional download may lead to certain loss and if I tell you that drive-by download attacks are the primary source of unintentional download. That might be horrifying!
A drive-by download attack occurs when a malicious code is unintentionally downloaded in your computer system and mobile devices. Even if you have not clicked on any suspicious Download Now button or on any links attached in emails. But, it can still infect your system.
Cybercriminals always look for an insecure website to plant a malicious code in one of the website pages or into your HTTP. A malicious script then gets automatically downloaded into your system with a malware or if anyone opened up that infected page, then that code will get downloaded in their system as well. This is just like a chain reaction.
In some worst cases, Malicious code takes a face of IFRAME that will lead you to a website controlled by the hacker. These kind of activities are also known as the silent attack. Some victims experienced that even after security researcher audited, they didn’t able to find any root cause and a solution to overcome.
Some symptoms of drive-by downloads:
- Popups on your screen one after another.
- Your website keeps redirecting to another website.
- API calls for different plugins.
As a small business owner, you must know the value of database. Every day hackers try to re-invent or innovate new methods for getting access to databases for obvious reasons.
One of those illicit practices is known as SQL injection. SQL (Structured Query Language) injection occurs when a hacker inserts a malicious code into your server that use SQL. Basically, SQL is a programming language that is used for communication with the database. That’s why hacker prefers those servers which are SQL enabled.
The problem starts when infected server stores the information of customers. This information could be anything i.e. personal info, credit card numbers, user id or password.
Some symptoms of SQL injection:
- Mail from suspicious person asking for structure of your SQL query.
- Unusual queries about database information.
- Loss of data.
- Database compromise.
- High error rate in database.