Organizations are being breached every day at an astounding rate. Hackers typically do not discriminate based on the size of the organization, but rather focus on how soft the target is. In layman’s terms, that means how easily they can get around the security. Most people mistakenly believe that when they are breached, they will know. In this blog, we discuss how small businesses can know they have been breached and methods to decrease the time between a hack and its discovery.
Hackers Don’t Discriminate
Like almost anything else, there are many types of hackers with a rainbow of causes: to stick it to the man, for a righteous cause, to increase the size of a botnet, as a source of revenue, etc. But most small business owners I speak with don’t think they are a target because of their size. They are wrong. If you put on your criminal ski mask and think about things, whose business would you break into: one with cameras everywhere, or another with no visible cameras, no lights on, and a nice dark alley to enter from? Probably the second, which is a metaphor for a small company on the internet. Most have little to no security in place to stop or detect a bad guy.
How do I detect?
Detection starts by having some defenses in place. Luckily, software and tools have gotten relatively cheap over the last 5 years or so. To start, make sure you have antivirus. This is a no-brainer. Even the built-in Windows Defender has a detection ratio close to that of the paid services. No, it does not stop everything, but having updated antivirus increases the difficulty of a hack. With multiple options and a quality free product available, there isn’t an excuse not to have something running.
For a second suggestion, I recommend EDR tools. Back in the day, these were expensive, but antivirus vendors are now including EDR as part of their offering and at a great price. EDR stands for Endpoint Detection and Response, which essentially means you have more insight into the happenings on all of your computers. Unlike normal antivirus solutions, EDR tools tell you the chain of activity around an event. This comes in handy during an investigation, and EDR has much more advanced detection capabilities than classic antivirus. Additionally, for IDSA and HIPAA compliance, this tool helps satisfy your logging requirement for endpoints.
Thirdly, I would recommend using a code scanning solution for your website. These look for malicious snippets within the code that makes up your website. Attacking websites that are out of date or misconfigured is a pastime of cyber criminals. With the development of programs such as bug bounties, flaws in code are being discovered at a more rapid rate. Both the good and bad guys are taking advantage of the discoveries and the out-of-date servers. Invest in code scanning services, sometimes referred to as site scanners, because they are too affordable not to.
Lastly, you can rely on someone reporting an issue to you. This is not the optimal route for sure, but it happens more often than you think. Independent researchers and law enforcement are the most likely people to report a breach. Unfortunately, depending on how small a business is, having a company monitor the network could be out of reach.
The fact is that most businesses, big or small, find out well after the attacker has taken over their network. Having serious detection capabilities costs money that small businesses can’t afford. For detection, the best bet is to invest in the areas I described and educate the entire company. User awareness training is the most cost-effective and impactful investment you can make as a business owner. Make sure you follow any regulatory guidelines for technical implementations and invest in your people. Secondly, make sure you have a good layered defense and keep everything updated. These activities deter many attackers, much like having cameras in a shop.
Co-founder + Ethical Hacker
Micheal has over 13 years of combined experience in Information Security, Information Technology, and Physical Security. He has tackled some of the most daunting certifications in the industry, and his passion for the cyber world is unparalleled, with exposure to virtually every industry. He continues to hone his skills in Incident Response, Penetration Testing, and Consulting. Recognizing the need for change in cyber security, he volunteers to help entrepreneurs, veterans, and recent graduates.