In this guide we will talk about cybersecurity for small-network operators.
I often expect to see cybersecurity news, with dramatic headlines vying for my attention across print, electronic, and social media. It’s easy to think that cybersecurity exploits are mainly a problem for mid-sized and large companies.
But that’s no longer the case.
While larger companies have traditionally been prime targets for cyber attackers, the damage from these attacks is now hitting closer to home, affecting home networks and microbusiness users.
I might still hold outdated beliefs about cybersecurity and how to maintain it. In fact, the federal government has started collecting data on cyberattacks targeting small businesses. The days when small-network operators (SNOs) could ignore cybersecurity threats are over. It’s time for me to wake up and pay attention to the FBI data.
What is cybercrime risk? It’s the probability that hackers or cyber attackers will use advanced software techniques to get into your data or disrupt your business or personal devices.
Given the uncertainty and concern that cybercrime produces, you’d expect a good amount of security-related awareness and concern among all businesses. But you’d be wrong. When it comes to microbusinesses, there’s little awareness and concern in the U.S.
Several of our guides have focused on the IT operations of families, solo practitioners, microbusinesses, and smaller professional practices. These groups include 10 or fewer people and operate small networks connected to the internet. In our lexicon, that makes them SNOs.
Statistics show that SNO security concerns differ from those of larger companies. There’s a lot of cybercrime activity, but there’s far less concern in smaller companies.
For example:
Source: FCC
This odd indifference to security awareness and concern reflects unusual circumstances and belief in security-related myths.
During the height of the pandemic, Google blocked as many as 18 million pieces of COVID-themed malware and phishing emails every day. It takes just one virus or bit of bad email to get through the filters and convince a remote worker to click a link. And voila! An organization of any size must deal with the prospect of a crippling ransomware outage.
Also, most micro-businesses and individuals don’t realize they are cybercrime targets. It’s easy for small-network operators to assume that they are safe from attack because their business uses antivirus software and other security controls.
This mistaken idea is part of strange mythology, which includes ideas such as:
If that were ever true, it isn’t now. Changes in technology and cyberattack methods have changed this. Everyone with a credit card or healthcare program can contribute to cybercrime returns. Cyber attackers can make money from hacking individuals whose user credentials are a primary target. When individuals are compromised, attackers can access corporate systems, hijack computers and web servers for botnets, and commit fraud using stolen online identities.
Our research into dark web market prices released that he most-often sold items are those of individuals or small businesses.
There are many reasons why cybercrooks view SNOs as easy pickings. They include:
Technology also plays a role in tipping the balance of modern cybercrime in favor of the bad guys.
Two quiet but significant changes in IT changed the security landscape for SNOs. These include the following:
Big data speed and volume. Several years ago, when companies commercialized big data analytics products and services, the ability of internet-connected devices to process huge volumes of data was a big part of the sales pitch.
Now, cybercriminals use high-speed, high-volume processes in a new way: to quickly gather valuable assets such as credit card numbers and healthcare data from many locations. Given the increasing value of the data—not to mention the higher information processing volume and speed—it all adds up. Before you know it, you’re talking serious money.
Monetizing via device control. But where does the money come from? Cyberattackers engage in inbound attacks when they breach a home or micro business network to target connected devices such as desktop computers, baby monitors, security cameras, and game consoles via the internet.
In outbound attack scenarios, bad actors use an inbound attack to control any number of home-based, internet-connected devices. Then, the cyber crooks use these devices to remotely put the captured IoT devices to work—for themselves. The exploit can be a DDoS, malware, or Trojan attack. The goal: overpower an asset that can generate cash or perform a task such as overpowering a utility grid.
In each case, the devices (bots) capture and automate the ability to obtain sensitive information, intercept communications, or launch attacks against other external targets, hundreds and thousands of devices at a time. And did I mention that AI often guides the process to ensure smooth command and control? Does it sound like science fiction? I thought so too, until Princeton IT security researchers simulated an army of botnet devices attacking a power grid.
Cybersecurity attacks have always mattered to their victims, whoever they might be. They are real events that cause real pain and business damage. But now, statistics show that cyberattacks are getting personal—they involve small businesses and individuals. These losses include personal identity theft, lost proprietary information, business recovery costs, and business reputations.
What happened? Why do cyber attackers bother with the little guy? Until recently, the financial gain wasn’t worth the effort of dealing with small “accounts.” The ability to operate high-speed, high-volume data searches for personal and business information has become a new type of data analytics operation.
When analysts reviewed home network activity in 2017, there was a 3:1 ratio of outbound attacks to inbound attacks. Three times more home devices were being used to attack the internet.
Helps to finance cybercrime infrastructure. This is the main reason why SNO-level cybercrime matters. It’s possible to combine the returns of many small exploits to finance larger cybercrime operations such as ransomware and crypto mining (the shady if not illegal practice of using other people’s electronic assets to generate cryptocurrency).
Is it possible to reduce the risk of cybercrime in a truly small business? After all, SNOs have ten or fewer employees. It’s where money doesn’t hang on trees, and resource allocation decisions are often hard to make. Usually, the “IT Manager” also wears one (or more) hats. IN other words, there’s only so much time, effort, and money to address a problem that might turn out to be high-quality guesswork.
There is an answer to the question, “What does it take to protect my business from cyberattacks?” If you regard security as absolute (reducing risk to zero), you’re out of luck. Risk will never go away. But what if you want to minimize the risk to a point where cybercrooks give up on your network ops and look elsewhere for easier pickings? Yes, you can do that. In general, your message would have to say:
“Go away. Despite my network’s small size, I run serious security operations here. Find someone who isn’t as determined, consistent, and security-savvy as I am.”
It’s difficult to say exactly what would work because best practice recommendations for SNOs, hardware tools, and software are changing. But generally, a persuasive approach would include:
Setting up and maintaining even a modest security effort will take more time, effort, and cash than you would like. There is an alternative, however—a third-party security service. (We will take a detailed look at this possibility next time.)
When you read the following list of cyberthreats, don’t be discouraged. Yes, the list is long, but so is the list of ways to reduce that risk. When I write about cybersecurity, the same recommendations repeatedly show up (I bet you’ve noticed that.) So, here’s a list of preventive measures which will cut the risk of most SNO cyberattacks:
Notice that most of these guidelines involve behavior—yours. The others (firewall and phishing toolbars are available at no cost online. But let’s review the major network cyber threats and what it takes to reduce the risk of each of them specifically:
Reduce phishing risk by following the general guidelines above, especially phishing toolbars.
Reduce virus risk by following our general recommendations listed above.
Reduce the risk of fake antivirus software by following the general guidelines listed above. In addition:
Ensure that you’re leaving no gaps in your security protection by:
The burly, big brother of denial of service (DoS) exploits, DDoS attacks use up to thousands of internet-connected devices (bots) to carry out complex attacks on everything from e-commerce sites to utility grids. They create damage directly by stopping service to online users or by providing cover for other types of damaging attacks.
Reduce the risk of DDoS attacks by following our general guidelines. Then, consider increasing your network bandwidth and signing up for cloud-based network support services.
Reduce risk of man in the middle attacks by following our general guidelines, especially the recommendation of acquiring a good VPN.
Often, when you allow the software to change your OS, a rootkit installs itself on your computer and waits for a malicious actor to activate it. Then cyberattackers can log keystrokes, steal passwords, and disable antivirus software, usually with users unaware that malware is present.
Reduce rootkit risk by avoiding their underlying causes—phishing emails, malicious links, suspicious files, and downloading software from suspicious websites.
Why do Small Network Owners (SNOs) often overlook the potential disruption and damage to their operations from cybercrime? Likely, they have not been directly exposed to instances showcasing the disruption and financial toll of cybercrime on microbusinesses.
Most of what we read and hear tells the story of someone else’s problem. Well, that’s changed. Now, it’s time to remember that:
If you hear someone claim, “But I don’t have the time, money, or staff to secure my MNO,” remember you don’t have to be a cybersecurity victim. Energy and resourcefulness can fuel a successful SNO security program.