SMBs face cybersecurity challenges post-pandemic

After a year of struggling to adapt to the pandemic-driven shift to remote work, rapid SaaS application adoption, and an FBI-documented 300% increase in cybersecurity attacks, small and mid-sized business (SMB) tech leaders and advisors are looking ahead with relief to a return to relative normalcy. But certain challenges are expected to remain, especially in light of their paltry budgets. In fact, Untangle’s 2020 SMB IT Security Report notes that 39% of SMBs are still investing less than $1,000 per year on IT security.

Our recent panel-driven virtual conference, A New Playbook to Protect Your Users from Cyberthreats in 2021, examined how small-business IT managers anticipate that many changes wrought by the pandemic will have lasting effects on their cybersecurity strategies.

Keynote speaker and panel moderator Paul Stringfellow, data security analyst at GigaOM, set the table by noting how in the early days of the pandemic, newly-popular collaborative applications like Zoom and Microsoft Teams opened up new attack surfaces to cybercriminals, while ransomware attacks soared as users moved to less robustly-defended home offices. He then introduced a panel of SMB IT managers and cybersecurity experts to delve into new approaches for SMBs to modernize their operational tactics with more adaptive, behavioral and automated cybersecurity countermeasures.

Stringfellow kicked off the panel discussion with a query about common cybersecurity mistakes. Bobby Lalwani, IT manager at Terra Nova Industries, cited the essential importance of patching while noting how many SMBs struggle to keep up with the flood of known vulnerabilities. Dave Seibert, CIO of IT Innovations and a Microsoft MVP, asserted that it was time for many SMBs to replace aging tools that cannot address modern cybersecurity challenges like the prevalence of zero-day attacks.

Candid Wüest, VP of Cyber Protection Research at Acronis, ruefully noted how often cybersecurity basics get neglected, as when weak passwords often provide the initial entrée for a malware attack. Randy George, senior director of technology operations for Major League Baseball’s Boston Red Sox, argued in favor of more rigorous vulnerability scanning: “You can’t force-rank the cyber issues that you need to remediate unless you know about them.”

The panel’s focus shifted to the newest threats their organizations were facing. George related how the Red Sox saw a big increase in phishing-driven financial scams targeting home-based workers.

Wüest spoke of how his research team identified many longstanding, familiar attacks upgraded with new wrinkles, like increased targeting of cloud data repositories, and greater use of automation to increase attack frequency. “We see 600,000 new malware samples every day; is your defense also using automation, or are you just getting swamped by all those attacks?”

Seibert observed that the average ransomware attacker sat inside its victim’s network for over 172 days, its low-profile reconnaissance pinpointing the optimal time to strike to wreak the most havoc.

The discussion pivoted to how the pandemic had catalyzed changes to small-business IT operations. Lalwani related how his new tasks included helping remote workers harden their consumer-grade Wi-Fi access points, routers and firewalls against attacks.

Wüest noted an early-pandemic hardware supply crunch that forced many workers to rely on personal laptops, another security and support challenge, prompting greater demand for packaged remote-management configurations. George spoke of the challenges of newly-critical collaboration apps like Zoom, from licensing to remote-access capacity to novel security issues. Seibert noted the requirement to move on from a perimeter-centric mindset, and underlined the importance of multi-factor authentication for sensitive applications: “MFA is no longer a like or a want, but a must.”

The moderator next floated the question of how SMBs should address increasing attacks on cloud infrastructure and SaaS applications. Wüest cited the importance of simplicity in cloud security implementations, arguing for consolidation of tools and more automation. George spoke of the Red Sox’ reliance on SIEM tools to consolidate and analyze events generated by cloud agents and security tools, and single sign-on infrastructure to reinforce user authentication.

As the most common malware threat faced by SMBs, ransomware drove the next discussion topic, specifically when it makes sense for a business victimized by a successful attack to pay the ransom rather than undertake a lengthy recovery effort. Lalwani related how a colleague at another company opted to pay a relatively small ransom of about $600, while another faced a $600,000 demand and chose instead to rebuild from one surviving NAS repository: a slow, painstaking, incomplete process.

Wüest cautioned that paying up also entails risks, as even with a working decryption key, restoral can take days or weeks, and that many companies will struggle to source enough cryptocurrency to meet ransom demands than can exceed six figures. Seibert recommended that companies hire legal help to negotiate ransom demands downward, and to air-gap backups to prevent their encryption and thus enable data restoral without paying the ransom. George advised investing in redundant data protection as the most foolproof way to abet a ransom-free recovery.

In the concluding live audience Q&A, Wüest addressed an attendee’s concern about software supply-chain attacks like the recent SolarWinds breach with some more broadly-applicable advice: “This is another attack that is not new, and they keep recurring because they’re effective. They provide a useful reminder that even large companies aren’t 100% safe from attacks. But it’s not hopeless; don’t give up, and do your homework.”

A replay of the virtual conference is available from the Acronis Events page. You can also learn more about defending against software supply-chain attacks with our recently published, complimentary e-book.