3 Biggest Cybersecurity Threats Facing Small Businesses Right Now

Technology has quickly engulfed the
world around us. Everything we do, both at a business and personal level, seems
to involve technology in one way or another. However, as that happens, small
businesses continue to be a top target for hackers, with the number of
organizations hit by cybercrime rising each year. According to The Ponemon
Institute’s 2017 State of Cybersecurity in Small & Medium-Sized Businesses
report, 61 percent of businesses experienced a cyber attack in 2017, signifying
a 6 percent increase from the previous year’s 55 percent. Data breaches
were up to 54 percent from 50 percent in 2016.
This year promises faster internet,
more connectivity, and unfortunately, more cybersecurity threats. Threat
Horizon 2018, from the Threat Horizon series by the non-profit association
Information Security Forum (ISF), shows that with the growing
connectivity, the information security threat landscape
will expand.
1. Internet of Things (IoT) leaks.
As real-time data collection becomes increasingly
important, the IoT is growing too. From monitoring traffic and collecting
real-time patient information to optimizing the uptime of industrial
equipment, organizations are massively acquiring IoT devices. However, these
devices aren’t always secure. This creates a potential backdoor into the
organization, warns the ISF.
IoT works so well because it’s composed
of dozens of devices that hide in plain sight. Be it alarm systems, GPS, web
cameras, HVAC or medical devices, such as pacemakers, it’d be hard to guess
which of these devices are even connected to the internet in the first place.
But since IoT devices lack built-in security, they are often easy targets for
hackers.
Attackers usually use automated programs to
locate IoT devices. Once located, attackers attempt to connect to the device
using the default admin credentials. And since most users don’t change them,
this is usually a success for the attacker. Once in, the hackers can easily
install malware, basically taking the system under their control.
Daniel Soderberg, CEO of EyeOnPass, advises
changing all passwords immediately when you acquire a new device. “I wouldn’t
operate any device with the default password,” he warns. “Default passwords are
usually printed and freely available, exposing the user to all manner of cyber
dangers.”
2. Opaque algorithms.
The Threat Horizon 2018 report also warns
of the increasing use of algorithms. As organizations continue to fully trust
algorithms with the operation and decisions concerning critical systems, the
report says, they lose the visibility into the functioning and interaction of
their systems.
The lack of proper and transparent
interactions between algorithms poses a security risk in case unintended
interactions between algorithms create incidents — like the U.S. Treasury
Bonds “flash crash” of October 2014 that saw bond yields drastically drop
briefly before the algorithms corrected themselves.
“We know they’re going to do some quirky
stuff from time to time,” says Steve Durbin, managing director of the ISF.
“You need to understand some of the exposure you have to algorithmic systems.
We’re building more and more of our systems on top of algorithms — industrial
control, critical infrastructure. There’s an increasing risk in this space we
need to be addressing.”
To be able to manage these risks,
organizations need to have a human monitoring the execution of operations and
decisions often left to algorithms. The report advises organizations to know
the risks that come with algorithm-controlled systems and know when to involve
a human. Also, they must update their code maintenance policies and identify
alternatives to treating algorithm-related incidents, especially when insurance
isn’t an option.
3. Security researchers are being silenced.
Security researchers are often the
whistleblowers. They impart knowledge about digital vulnerabilities, making
sure systems are secure and users’ data remains in the intended hands. When
they are silenced, either by the government or private companies, it’s often a
loss for all users.
With software replacing hardware in most
major sectors, users and businesses depend on researchers to unearth
vulnerabilities and make them public as part of ongoing efforts to improve
security.
However, lately, manufacturers have been
responding to such actions by taking legal action instead of working with the
researchers to fix those vulnerabilities. The ISF predicts that this trend will
only grow, exposing customers to vulnerabilities that manufacturers have
decided to hide rather than fix.
To protect themselves, the ISF advises
technology buyers, which include small businesses, to insist on transparency
during the procurement process. It advises manufacturers to take it more
positively when vulnerabilities are found within their systems by rewarding the
researchers rather than attempting to punish them.
Considering that a researcher might find a
vulnerability in a tool in 2018 and not report it, it’s imperative for the
small business owner to take a step further in protecting themselves, even if
it means working with other businesses in order to come up with an affordable
solution.
Transparency is key.
When it comes to security, transparency has
a great role to play. But this part has long been left for the security
professionals. If all users reflected some degree of transparency, security in
the cyberspace would be easier to achieve. If the non-technical managers and
leaders understood the impact of good and poor protection, they would use the
cyber assets they have more responsibly. Employees would be more careful about
the devices they introduce to the network.
As the business owner, it’s your job to
carefully manage the inventory of the connected IoT devices. “Some things have
internet capabilities that you didn’t ask for and will never use,” says Leon
Adato of SolarWinds, adding that any devices that don’t need to be connected to
the internet should be disconnected.