Digital Pandemic: Hackers Are Increasingly Targeting Small And Medium-Sized Businesses


Cybercriminals are buying credentials on password marketplaces on the dark web, warns Sandra Rios, Head of LastPass Business.

The coronavirus has triggered a “digital pandemic”. Many small and medium-sized enterprises (SMEs) have used the pandemic to review their security measures. Yet their protection is inadequate in many places: according to a study conducted by IDC on behalf of LastPass, the home office trend is impacting security at 98 percent of companies – particularly through unsecured mobile devices and poor password handling. Companies can no longer rely solely on pre-pandemic protocols, policies and infrastructure: hackers are taking advantage of the new vulnerabilities and are increasingly targeting SMEs.

In the process, some hackers are getting more creative and tricking security experts. Others rely on attacking unforeseen targets with simple and proven methods. Social engineering attacks in particular have increased. According to the LastPass study, the majority of organizations (83 percent) have experienced security incidents resulting from compromised passwords or phishing. The Infosec Institute sums up the threat this way: “The attacker doesn’t hack in. He logs in – with your credentials.”

Recurring problem: weak passwords

Careless use of passwords is a consistent problem, not only in private life but also in the workplace. Since employees often have difficulty remembering more than 50 passwords, they resort to using the same passwords for multiple accounts. In a 2019 Google survey, 65 percent of respondents reported using passwords multiple times. According to the LastPass study, this affects SMEs the most: in 32 percent of smaller companies, employees struggle with too many passwords. In principle, everyone knows that a strong password consists of at least 16 characters and contains both upper and lower case letters as well as numbers and symbols. But the reality is often different.

In addition, cybercriminals can buy lists of usernames and passwords on a growing number of password marketplaces on the dark web. Using the so-called “spray and pray” principle, they try to gain access to accounts through automated login attempts at services such as Google or Microsoft 365 – and often leave no trace. Companies should therefore use a dark web monitoring service in addition to secure one-time passwords.

Taking the right measures

According to a study by the BSI, 26 percent of respondents describe the damage caused to companies by a cyber attack as “very high” or even “threatening their existence.” The high costs are not the only problem. Successful attacks can also affect day-to-day business or damage a company’s reputation. Investments in cybersecurity are therefore becoming increasingly important: according to the BSI, 81 percent of companies intend to offer regular security training for employees. Particular attention is paid to measures for remote employees, such as VPN (66 percent of mentions), encryption of data carriers (65 percent) and mobile device management (38 percent).

It is concerning, however, that nearly one-third of organizations say a small business does not need solutions such as single sign-on (SSO) and multi-factor authentication (MFA). Yet every business, regardless of size, is a potential target for cybercriminals.

To ease the burden on employees, companies should deploy identity and access management solutions. In particular, a password manager is an easy-to-implement, user-friendly and highly effective measure. Users can create and store secure passwords. When they visit a known website, the credentials are then filled in automatically. At the same time, password managers play an important role in warding off potential attackers. According to IDC analysts, 45 percent of companies already use a password manager or an EPM solution (Enterprise Password Management).

Conclusion

The new working models increase flexibility and agility, even for SMEs. To counter rising security risks, they need to deploy the right identity and access management solutions. What is needed are comprehensive and user-friendly solutions that enable employees to do their work securely from anywhere – regardless of the size of the company.

 

Sandra Rios, Head of LastPass Business
