5 types of cyberattacks that SMBs experience most often

5 types of cyberattacks that SMBs experience most often

As more and more businesses embrace technology to boost efficiency and productivity, fending off digital threats is becoming more important. Cybercriminals are always waiting in the wings and ready to pounce at their next victim, and they will do everything to steal personal and financial information from unsuspecting people.

It is estimated that cybercrime costs the Canadian economy between $3 and $5 billion annually. With this in mind, neglecting network security can have costly damages to your system and even shut your company down for good.

Here are five types of cyberattacks that endanger small- and medium-sized businesses (SMBs):

#1. Phishing

Phishing is a method that usually involves an innocuous-looking email that appears to be from a legitimate entity. It utilizes social engineering tactics to create a sense of urgency in the victim.

For instance, one of your employees might receive a message seemingly from a bank. Typically, it would tell the recipient that their account has been locked, and in order to reverse this, they need to verify their account. They are then prompted to click on a link within the email.

Once the rogue URL is opened, the recipient will be greeted with seemingly harmless form that asks for details such as name, birthdate, address, and bank information. These are then transferred to cybercriminals who will use them for identity and credit card theft.

To mitigate phishing attacks, treat every email with suspicion. Don't click on any links unless you've verified the message's authenticity.

#2. Distributed denial-of-service (DDoS) attacks

This is a popular attack where a hacker enlists thousands of different computers to target an internet-accessible system and flood it with connection requests. Eventually, the traffic will become too much to handle and the system will crash and is therefore taken down. This can be dangerous to your company, because if your website, email, or other system becomes unavailable, there will be no way for your customers to reach you.

Enabling specialized protection on all of your web-accessible servers can prevent DDoS attacks, and this can be done by limiting certain network traffic or utilizing IP loggers.

#3. Malware

From keyloggers and worms to adware and spyware, there's no shortage of malicious software that can damage your business infrastructure. Earlier this month, St. Francis Xavier University in Nova Scotia had to shut down its entire network for four days to fend off a malware attack. No personal data was breached, but the downtime and notifications sent to users did a number on the university's reputation.

Moreover, according to data compiled by SCORE, almost half of cyberattacks are directed at SMBs, with macro viruses causing the most damage.

Ransomware is also becoming increasingly dangerous, with every strain becoming more complicated than its predecessors. The Sophos 2019 Threat Report finds that targeted ransomware attacks have surged in 2018 and are earning cybercriminals millions of dollars.

It's a good idea to keep your systems up to date, and install antimalware and antivirus programs. Train your staff to stay away from sites that are the most common sources of malicious code.

#4. Brute force attacks

Handling passwords is tricky, as their strength can vary from one user to another. With that being said, criminals can perform brute force attacks to try to gain entry into your network.

This method uses various combinations of usernames and passwords until a system is infiltrated. Cybercriminals can utilize automated software to generate a large number of guesses, or test commonly used passwords such as “12345678” or “qwertyuiop”.

Your organization can take advantage of two-factor authentication (2FA), and use complex passwords to reduce the chances of a successful attack.

#5. Advanced persistent threats (APTs)

Although most hackers target a huge number of people with a single attack, there are some who zero in on individuals to increase their success rate. APT attacks are especially scary because a hacker's main goal is usually to remain undetected on your system for an extended period.

To stay protected, you'll need to monitor your network regularly for any intrusions. You might also need to conduct network audits to see if there are vulnerabilities that can be patched. Having multiple layers of security for your firm will go a long way. Each one will safeguard from a specific type of attack and work in conjunction with other security solutions to protect your office.

Remember that protection from threats starts with awareness. All things considered, your business should always be prepared during these attacks. You can also partner with a managed services provider (MSP) to monitor and secure your IT infrastructure.

With the alarming rise of threats online, it's best to keep your business protected. Since 2001, Dyrand Systems has been helping clients in and around Vancouver by providing exceptional IT support. Drop us a line today and let's make technology work better for you.


Nicholas Drayer

Nicholas Drayer

Managing Director