Organizations are being breached every day at an astounding rate. Hackers typically do not discriminate based on the size of the organization, but rather focus on how soft the target is. In layman’s terms, how easily they can get around the security. Most people mistakenly believe that when they are breached, they will know. In this blog, we discuss how small businesses can know they have been breached and methods to decrease the time between a hack and its discovery.
Hackers Don’t Discriminate
As with almost anything else, there are many types of hackers with a rainbow of causes: to stick it to the man, for a righteous cause, to increase the size of a botnet, as a source of revenue, etc. But most small business owners I speak with don’t think they are a target because of their size. They are wrong. If you put on your criminal ski mask and think about things, whose business would you break into: one with cameras everywhere, or another with no visible cameras, no lights on, and a nice dark alley to enter from? Probably the second, which is a metaphor for a small company on the internet. Most have little to no security in place to stop or detect a bad guy.
How do I detect?
Detection starts by having some defenses in place. Luckily, software and tools have gotten relatively cheap over the last 5 years or so. To start, make sure you have antivirus. This is a no-brainer. Even the built-in Windows Defender has a detection ratio close to that of the paid services. No, it does not stop everything, but having up-to-date antivirus increases the difficulty of a hack. As there are multiple antivirus options available, and even some good products for free, there is no excuse not to have something running.
For a second suggestion, I recommend EDR tools. Back in the day, these were expensive, but antivirus vendors now include EDR as part of their offering and at a great price. EDR stands for endpoint detection and response, which essentially means you have more insight into the happenings on all of your computers. Unlike normal antivirus solutions, EDR tools tell you the chain of activity around an event. This comes in handy during an investigation, and EDR has much more advanced detection capabilities than classic antivirus. Additionally, for businesses with compliance requirements, this tool helps satisfy your logging requirement for endpoints.
Thirdly, I would recommend using a code scanning solution for your website. These look for malicious snippets within the code that makes up your website. Attacking websites that are out of date or misconfigured is a pastime of cyber criminals. With the development of programs such as bug bounties, flaws in code are being discovered at a more rapid rate. Both the good and bad guys are taking advantage of the discoveries and the out-of-date servers. Invest in code scanning services, sometimes referred to as site scanners, because they are too affordable not to.
Lastly, you can rely on someone reporting an issue to you. This is not the optimal route for sure, but it happens more often than you think. Independent researchers and law enforcement are the most likely people to report a breach. Unfortunately, depending on how small a business is, having a company monitor the network could be out of reach.
The fact is that most businesses, big or small, find out well after the attacker has taken over their network. Having serious detection capabilities costs money, which small businesses can’t afford. For detection, the best bet is to invest in the areas I described and educate the entire company. User awareness training is the most cost-effective and impactful investment you can make as a business owner. Make sure you follow any regulatory guidelines for technical implementations and invest in your people. Secondly, make sure you have a good layered defense and keep everything updated. These activities deter many attackers, much like having cameras in a shop.