Sitting Ducks: Are You Leaving Your Business Open for Attack?

Waqas S
Cybersecurity Journalist   DontSpoof

There have been some hugely publicized attacks on big brands over the years – some high-profile cases include the World Health Organization (WHO), Marriott Hotels and, most recently, T-Mobile. There is an alarming increase in the number of daily cyber-attack attempts and business security is top of mind.

The question is, why have businesses become sitting ducks, so to speak? Below, we will explore the numerous business vulnerabilities and why they’re a prime target for cybercriminals.

Vast Amounts of Data

When exploring the reasons behind why businesses, big or small, are technically sitting ducks for a cyber-attack, the vast amounts of data stored gets brought into question. Naturally, a cybercriminal is much more interested in the value of the data a business holds rather than trying to get into your Facebook account (even though 553 million Facebook accounts have been hacked). 

The value of data is the primary reason why a cybercriminal would target a business. Businesses handling any financial transaction will typically store names, addresses, card details – everything a criminal needs to commit identity fraud or bank fraud. So, yes, businesses are sitting ducks in that respect. That coupled with the fact that account holders aren’t always savvy when it comes to vulnerable passwords creates a dream scenario for hackers – although password weaknesses aren’t the only reason they infiltrate. 

There are numerous preventative measures a business can take to protect data security. Security software is the most simple and often effective method. Additionally, it’s essential to keep up to date with security software updates. Outdated security software can be just as much of a risk. 

Businesses should also prompt customers to create strong passwords containing a mixture of numbers, letters, special symbols and neglect creating a password with words that make sense. For example, the password Orange123 is weak, Or4ng3-132 is strong.  

Software Application Vulnerabilities

A business can create iron-clad policies, and customers create nonsensical passwords, but that’s only covering two bases. Studies show that software application vulnerabilities account for 43% of data breaches – mainly down to the fact up to 80% of codebases are created using open source coding. 

Open source coding is hugely popular because it gives businesses the chance to purchase coding that can be customized to their unique business needs, and it’s widely accessible. The coding is created collaboratively amongst a group of — most of the time — professional developers looking to sell their software creation to the masses, but there are weaknesses. That’s why the shift left testing approach is now widely used by many DevOps teams – adopting a testing method that happens early and often rather than waiting.

Testing early and often is one solution that works well when used alongside other vulnerability management tools, such as quarterly vulnerability checks to identify any weaknesses in software applications. Proprietary software applications are somewhat safer. But for small to medium businesses with a smaller budget, open source software is often the best option.

The Danger of Being a Small-Medium Sized Businesses

Yes, big businesses are also sitting ducks because they are the ones with mass amounts of data. Yet, it’s small to medium brands that are the most vulnerable to cyber-attacks. 43% of cyber-attacks happen on small businesses each year, and 60% of those go out of business within six months – according to the U.S. National Cyber Security Alliance. That’s because the result of a serious data breach costs small-medium companies $2.2 million per year. 

Cybercriminals know it’s much easier to exploit the weaknesses of a small-medium business. For one, they know that small businesses are more likely to use cheap software applications with security loopholes. And two, they’re aware that smaller businesses are often a great way in, making it easier to access bigger businesses with more robust cybersecurity systems. 

There are simple things a small-medium business can do to prevent an attack. Employee education on data usage and sending/receiving information is essential, and so is backing up data so that it’s easy to recover lost data. Investing in top-level security software also pays off.

Rogue Ex-Employees

Rogue ex-employees are not always the first to come up in a list of reasons, and that’s why they’ve made this list. There are countless examples of rogue ex-employees becoming a security issue. All a business has to do is leave an employee log-in open and with access to the data for a data breach to potentially happen. 

In 2021 alone, a police officer was convicted of sharing information on the dark web, and a data leak at Radboudumc Hospital occurred due to a former employee. Ex-employees sometimes have malicious intentions. Try and ensure that policies are in place within the contract any employee should sign to prevent this, such as an NDA. If an employee leaves, wipe their access and change any passwords they had access to. Passwords, as a rule, should be changed monthly anyway.

Ensure your business security

Businesses are under constant threat from cybercriminals. The vast amount of data and multiple weaknesses leads to vulnerabilities that can be hard to manage. However, the advancement in vulnerability management tools and security software means many of these attacks are prevented.

Waqas S

Tags: , , , ,

Leave a Comment