
Midsize Businesses Prove Easy Attack Targets

Basic security practices could protect small- to midsized businesses from cybercriminals looking for low-risk, high-reward targets.

The greatest security threats aren't necessarily the most complex. Basic attacks pose the greatest risk to small- and midsized businesses (SMBs) as attackers realize they don't need advanced methods to exploit victims.

This is one of the findings in the 2016 Midmarket Threat Summary Report from the eSentire Security Operations Center (SOC), which detected nearly 5 million attacks across multiple industries. It found SMBs are often victims of cybercriminals seeking low-risk, high-reward targets.

"What we're seeing from the data, the majority of attacks are not sophisticated," says Viktors Engelbrehts, director of threat intelligence at eSentire. "They are really basic, and [attackers] are using basic tools as a means to achieve objectives."

The most frequent threat categories were intrusion attempts, information gathering, and policy violations, which collectively represented 63% of all observed attacks. Intrusions, primarily web attacks, marked the top threat category at nearly 30% of all events.

"It's the most logical entry point apart from users," says Engelbrehts of web intrusions, where attackers have recognized the benefit of a larger attack surface. "It's always easy because you have millions of web applications with poor security controls."

Cybercriminals don't need to use sophisticated malicious code attacks when methods like ransomware can successfully exploit "low-hanging fruit" and web applications are written without security in mind. Only 12% of detected attacks involved malicious code, indicating a growing preference for inexpensive and automated strategies.

Interestingly, this research discovered timing may also affect whether or not your organization is breached. "Seasonal correlation was a surprise," admits Engelbrehts. Attacks rose between March and April, fell in June and July, and picked up again in September and October.

While he could not give a definitive reason for this, Engelbrehts noted there are several factors that could affect timing of attacks. Announcements about a breach, or the prosecution or indictment of cyberattackers, could influence activity.

Rudimentary attacks are expected to remain a threat so long as these techniques are effective. The problem is, cybercriminals know where they're most likely to find success -- and their top targets don't know how to defend themselves.

"Unfortunately, security is not generally a strong side," says Engelbrehts of SMBs. "Traditional small businesses don't have resources, don't have personnel, don't have expertise."

Large corporations have been targeted for years, and many have been breached; they can afford the right security measures. Major banks may prove attractive targets but might also require attackers to procure a tremendous amount of resources to be successful.

Businesses that fail to implement basic security best practices will continue to be vulnerable.

Many organizations, driven by a combination of hype and fear, have tried to solve security problems by "checking boxes" in recent years, says Engelbrehts. This tactic provides temporary relief but doesn't work in the long term without a strong foundation.

The answer is in basic security hygiene, he explains. If you're using web servers and web applications, check to ensure you're running the latest version. Realize passwords are guessable and don't use weak or default credentials. Enable two-factor authentication where possible.

"The majority of attacks could have been prevented by applying common best practices," he emphasizes. "That's the key message here."

Kelly Sheridan is Associate Editor at Dark Reading. She started her career in business tech journalism at Insurance & Technology and most recently reported for InformationWeek, where she covered Microsoft and business IT. Sheridan earned her BA at Villanova University.
