
Cybersecurity for SMEs: What threats can GoodAccess protect you from?

SMEs are an increasingly popular target among cybercriminals because their limited resources prevent them from deploying security countermeasures. GoodAccess enables SMEs to deploy SaaS-based ZTNA to protect themselves against malware, man-in-the-middle, and other attacks.

Petr Pecha


Reports show small and medium enterprises (SMEs) represent 90% of all global business, while the incidence of cybercrime that targets them is soaring. This is a major problem that requires swift and effective attention, but SMEs are at a disadvantage when it comes to implementing cybersecurity countermeasures.

This article discusses the predicament of SMEs in the cyber threat landscape, examines the most common attack vectors, and shows which ones can be effectively countered with GoodAccess.

SME cybersecurity is a global issue

Small and medium enterprises (SMEs) are the backbone of the world economy. According to data published by the World Bank, “SMEs constitute 90% of all global business and 50% of all employment.”

Meanwhile, the use of IT systems and internet connectivity has become crucial to keeping this enormous market functioning: few businesses can operate nowadays without having at least some part of their operations in digital form, and for many the loss of their IT systems’ functionality would cripple the business altogether.

According to a report by ENISA, “80% of EU-based SMEs surveyed stated that cybersecurity issues would have serious negative impact on their business within a week of the issues happening, out of which 57% saying they would most likely become bankrupt or go out of business.”

Despite this, the report states, SMEs do not seem to appreciate that cybersecurity is something that concerns them, with many believing that cybersecurity controls that are included in the IT products they have purchased will suffice and that no additional security controls are necessary, unless mandated by regulations or law.

Perhaps because of this, cyberattacks against SMEs not only happen, but are on the rise. According to the European Digital SME Alliance, targets attacked by cyber gangs causing a data leak were up by 62% between Q1 and Q2 2023 alone.

Ransomware attacks and phishing campaigns are becoming more sophisticated and targeted, claiming victims on every continent. This shows that cyberattacks against SMEs are not a local issue, but a global threat endangering the prosperity of the entire world.

Most common cyberattacks against SMEs

SMEs present an easy target for cybercriminals. Though they may not tempt attackers with such large troves of sensitive information as large enterprises, their data is easier to get to. The general lack of cybersecurity measures among SMEs is the reason why they find themselves under attack in the first place.

Chidukwani et al. of Murdoch University, Australia, conducted an extensive survey (Survey on the Cyber Security of Small-to-Medium Businesses) of publications detailing various aspects of SME cybersecurity over the past twenty years.

The survey lists the following types of cyberattack experienced by SMEs over this period (in order of incidence):

  1. Social engineering (e.g. phishing and other spoofing attacks)
  2. Hacking (e.g. stolen credentials, data theft)
  3. Malware (e.g. ransomware)
  4. Misuse (e.g. malicious insider)
  5. Web-based attacks and ecommerce supply chain attacks

(Source: Chidukwani et al., 2022)

In the same survey, Chidukwani et al. make the following observation: “Globally and across all organizations, web application servers appear to be the most targeted IT asset in data breaches largely due to the shift towards web-based applications due to an increasing consumption of services offering cloud-based software-as-a-service platforms.”

It follows that most attacks against SMEs would be web-based. Web systems and services provide attackers an enormous attack surface with multiple potential points of entry, whether this involves stealing or tampering with data during transit (man-in-the-middle attack), tricking the user into executing malicious scripts or downloading malware (drive-by attack, watering-hole attack), directing them to a spoofed website (formjacking), launching a ransomware attack, disrupting services via a DDoS attack, or breaching account integrity with a brute-force attack. (For more information on this subject, we recommend checking this ENISA report on web-based attacks.)

Other assets that attackers target are user devices and IoT devices. While compromising user devices can help the attacker smuggle malware past perimeter defenses, IoT devices (printers, sensors, cameras, medical devices, etc.) are a popular target, because they tend to have little protection and cybercriminals like to use them to establish persistence in the network.

Cybersecurity challenges of SMEs

If SMEs are such easy targets for such a diverse range of threats, why do they do so little to protect themselves?

The answer is limited resources.

Large enterprises have security operations centers (SOC) with a team of trained cybersecurity professionals creating and enforcing company security policy, selecting the company’s security solutions, and operating an entire matrix of sophisticated defensive tools—endpoint detection and response (EDR), network detection and response (NDR), security information and event management (SIEM), and more.

SMEs do not have that. It’s very difficult for a small or mid-sized company to find and keep an experienced cybersecurity admin on staff, let alone put a SOC together. And while some security companies offer SOC as a service, the price is simply too high for most SMEs to afford, as they need to invest their resources elsewhere.

How can SMEs increase their cybersecurity on a tight budget and with limited expertise?

SMEs don’t have to make massive investments into new IT infrastructure or high-end security solutions to increase their security, protect their data, and meet regulatory compliance requirements.

The bottom line is adhering to security best practices. All businesses, though SMEs in particular, as their security is generally sparse, should deploy a firewall on their perimeter, use up-to-date antivirus software on all endpoints, activate multi-factor authentication on all systems, and insist on using strong passwords.

But that covers only the barest minimum. SMEs must also prevent credential theft, protect their business against web-based attacks (shrink the attack surface), mitigate insider damage, and reduce the impact of breaches.

That’s where you need GoodAccess and its SaaS-delivered zero-trust network access solution.

The way it works is simple. GoodAccess creates a secure, encrypted perimeter around your authenticated users and systems to shield them from web-based attacks. Inside this perimeter, it enforces your custom security policy to ensure devices meet security requirements, users are authenticated, and have only the necessary privileges assigned.

When an infected device does enter your perimeter, it cannot access all your systems, but only a segment of the infrastructure, which prevents the threat from spreading and reduces the damage inflicted by the attack.

And the built-in Threat Blocker blocks access to malicious domains spread via suspicious links.

With these security controls, GoodAccess protects against these kinds of attack:

Phishing/social engineering

Phishing is an attempt to steal sensitive information or install malware via a spoofed message. It is an extremely widespread form of attack that ranges from crude spam emails to hand-crafted executive phishing messages.

GoodAccess blocks phishing links in spoofed messages with the Threat Blocker feature. This protects against credential theft and landing on malware-hosting sites.

Man-in-the-middle attacks

Man-in-the-middle attacks cover a broad range of malicious activities where threat actors use web systems and services against the victim.

These may include session hijacking, SSL/TLS stripping, DNS spoofing, network eavesdropping, and more.

In all these attacks, the adversary positions themselves between the user and the service with the intention to gain access to the victim’s information and/or gain access to the service.

GoodAccess helps reduce the risk of web-based attacks by encrypting the transmitted data as well as the user’s identity, effectively concealing the user from the attacker and denying them as a target.

Malware

Malware covers a huge number of threat scenarios, and some form of malware features in almost every kind of cyberattack.

The cybersecurity community dealing with the business threat landscape often uses the cyber kill chain framework (originally developed by Lockheed Martin), which describes the life cycle of a cyberattack and the tools that adversaries use in each stage.

GoodAccess can act against malware and other malicious activities in these stages:

  • Initial infection—All traffic and user identity is encrypted, which denies cybercriminals a target for deliberate attacks, and Threat Blocker protects against inadvertent visits to malware-dropping sites by filtering bad domains.
  • Lateral movement—If a threat does penetrate your secure perimeter and establishes persistence (e.g. in an IoT device), it will not be able to access all of your network, but only a segment of it, thanks to least-privilege access control. GoodAccess handles network segmentation on the network service level. This achieves maximum possible granularity and does not require expert IT knowledge to set up and manage.
  • Command and control—Threat Blocker detects attempts to contact C2 centers and botnets, preventing the malware from establishing contact with the attacker. When a communication is detected, both the admin and the affected user account receive an alert.

Denial of service

Denial of service (DoS) attacks, particularly distributed denial of service (DDoS) attacks, have recently become very common. They are cheap to execute and don’t even require much skill to launch, as hacker groups offer them as a relatively affordable service on the dark web. Their targets are usually public institutions, media sites, and telcos, but private institutions have been known to be targeted as well.

GoodAccess protects against DDoS attacks by creating an invisible network perimeter that shields your branch and cloud networks from external attack and conceals the IP addresses of your edge routers and cloud servers from attackers. Your GoodAccess gateway becomes the central access point that interconnects your clouds and branches via encrypted tunnels, rendering them invisible and untargetable by the DDoS botnet.

In this configuration, only your public-facing services are publicly accessible; everything else, including employee access, is private. This protects not only against DDoS attacks but also against the inherent vulnerabilities of hardware routers and firewalls.

Malicious insider

A threat actor acting via a compromised or stolen device can gain enormous amounts of sensitive data. But a data leak can occur even as an inadvertent mistake of a well-meaning employee.

GoodAccess mitigates this risk by assigning access to users on the least-privilege principle. The perimeter is segmented and users do not have access to segments they do not need. This protects critical systems from attack by insiders and prevents the threat from spreading and escalating.

You can further reduce the risk by setting up restrictions via Device Posture Check. For example, you can restrict access to critical systems so that only devices from a specified domain can access them. This prevents cybercriminals from accessing the systems using stolen credentials because they lack the correct device.

Summary

The lack of cybersecurity among SMEs is a global issue with far-reaching consequences that affect businesses on every continent. The main reason small and medium businesses do not invest properly in their cyber protection is their limited resources, which put extensive security tools out of their reach and prevent them from hiring qualified IT security staff.

Despite these challenges, SMEs can still effectively defend themselves against cyberattacks with user-friendly, SaaS-based solutions like GoodAccess.

GoodAccess makes it possible for SMEs to deploy zero-trust network access without an investment in additional hardware or software tools, while protecting them against a broad array of cyber threats, securing systems on the network level that would otherwise be difficult to protect, and ensuring compliance with regulatory requirements for network security.
