Cybercrime in small businesses. Can he be stopped?
In February 2022, officials from the National Cybersecurity Directorate reported that cyberattacks on Romanian infrastructure had increased “100-fold” due to political instability in neighboring countries. Reports like this and the large number of incidents continue to demonstrate that cybercrime is a complex and evolving problem.
So what hope do small businesses have against such a sophisticated threat? Take the example of spear phishing.
Regardless of the source consulted, cyberattacks against businesses are on the rise all over the world. Worryingly, Forbes says small businesses are more likely to fall prey to digital attacks than large ones, while consultancy FSB notes that the same group of organizations may have to defend against up to 10 000 attacks every day. Most of them arrive in a rather boring way, via e-mail.
The goal of cybercriminals is to get the keys to the entire company as quickly as possible. This is often achieved through ‘spearphishing’, in which a malicious actor impersonates an important person to trick someone into giving out passwords and other important details. Used on a workforce unaware of cybercrime, this attack is often successful – and costly.
There’s a strange disconnect between how people behave with their own technology and how they deal with computers and phones at work. For example, at home, most people are aware of the importance of regular backups and can even keep spare devices in case of emergencies. This led to the creation of what ExpressVPN described as a tech survival kit, an add-on to a “bug-out” bag for struggling devices.
A tech survival kit should contain everything needed to perform minor repairs on consumer tech, such as a screwdriver kit, pen knife, charging cables, and a USB drive full of copies of important documents. The package should also contain items that can help in a real emergency, such as a satellite phone, a prepaid SIM card and a portable Wi-Fi hotspot. These can help expedite the rescue in the worst case scenario.
This kind of thing – disaster preparedness – usually falls to the IT departments of the office, which creates apathy towards cybercrime among the rest of the staff. The idea that someone else will do it can often leave holes in a company’s defenses. In the UK, for example, the 2019 IT Security Summit found that only 23% of employees had received cyber threat training while at a company.
The problem with tackling digital threats is that it is largely a human problem, which means the only solution is education. Of course, not all companies are willing to raise barriers against a problem that may never happen, as is sometimes the case with more mundane nightmares like floods. However, in Romania, cybercrime is so lucrative that ABC News claims to have taken over entire towns.
Overall, few cyberattacks cannot be stopped at the source, as they usually require social conditioning, i.e., simple persuasion. However, businesses have few options without the desire to stop cybercrime in the first place.