Cybercriminals are constantly adapting their techniques, making it necessary for organizations to remain on alert Credit: alexsl Barely a week goes by without news of yet another cyberattack and the subsequent theft of sensitive data. Today’s cyberthreats have become increasingly sophisticated. Despite continued employee education around phishing emails, small businesses can never let their guard down. For example, attackers are upping the ante around phishing. One technique being used is machine learning to quickly create and distribute realistic fake messages, in hopes of getting recipients to unwittingly compromise their organization’s network and systems, according to Michelle Moore, PhD, academic director of the Master of Science in Cybersecurity Operations and Leadership program at the University of San Diego. Phishing attacks are also becoming more automated. This is creating an opportunity for “more unsophisticated and malicious cyber actors [to enter] into the cybercriminal ecosystem,’’ as per Connecticut’s Public Utilities Regulatory Authority, which says cyberthreats targeting utilities in the state are increasing and growing more sophisticated. Similarly, ransomware has become more intricate. A relatively new trend: hackers demanding their ransoms be paid anonymously, thanks to the growing popularity of cryptocurrencies like bitcoin. However, in many cases, it’s not that the methodology is new, but that attackers have adapted and improved their techniques, notes Candid Wüest, Vice President of Cyber Protection Research at Acronis. “For example, we have seen that phishing emails increasingly make use of trusted cloud services like Google Docs to send their spam messages,’’ Wüest says. “Personalizing the email with data from previous data breaches is also a common method to increase the click rate.” “The hard reality,” he continues, “is that many small businesses only discover that they have been compromised when it is too late.” By the time you receive a ransomware demand, or start getting customer complaints about strange malware-laden emails, the damage is already done. Unfortunately, “the majority of small companies do not have holistic monitoring in place,” says Wüest. “Even if they do have the visibility, they don’t have the resources to manually analyze and follow up on each alert.” How small companies can respond Small businesses have moved workloads and data to various cloud services during the pandemic, yet they often don’t fully understand all the interactions and dependencies within these complex environments, Wüest says. This is where it’s useful to find an external partner who specializes in cloud services. There are also some key steps small businesses can take to protect themselves from a cyberattack. First and foremost, data must be backed up, regardless of where it resides. Secure your network and all the devices that connect to it. If you’re not already using a firewall, consider installing one. It’s also important to regularly update the software — anti-malware and otherwise — on each of your business’ computer systems. Other steps include encrypting sensitive data, using multi-factor authentication, and systems monitoring. It is imperative that you train your staff on how to stay safe online. Don’t think of it as a one-time occurrence. Training and conducting simulations should be ongoing. This requires staying up to date on the latest cyberthreats. Small business can search online security vendor sites and trade publications to stay educated. Mitigating them is of course, another matter. If your business doesn’t have internal security expertise, find a security-focused managed services provider that does. With the average cost of data breaches now in the millions of dollars, proactive protection is more than worth the investment. Click here to discover how to protect your business against the top Cyberthreats with Acronis. Related content brandpost Sponsored by Acronis Questions that every business should ask managed services providers Ever-evolving cybersecurity threats and infrastructure complexity can make it difficult for small IT teams to keep up. Managed services providers can help. By Esther Shein May 06, 2022 3 mins Business brandpost Sponsored by Acronis SMB Best Practices: Questions to Ask Before Contracting With a Security Services Provider Do your due diligence and research around how managed security services providers protect your data and your business. Here are considerations to take into account. By Esther Shein May 06, 2022 3 mins Security brandpost Sponsored by Acronis Small Business Best Practices: How to Convince Your Boss to Invest in Cybersecurity ] Security threats are rising, but you’re struggling to get a bump in your security budget. Here are some strategies to prove investment is necessary. By Esther Shein May 06, 2022 3 mins Cyberattacks brandpost Sponsored by Acronis The SMB Guide to Securing Employee Personal Devices Employees want to use their personal devices for work, and while it may save on the IT hardware budget, it can create security risks. By Esther Shein May 06, 2022 3 mins Employee Protection Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe