How SMBs Can Prepare for Identity-Based Attacks in 2023
Written by Michael Sentonas, CTO at CrowdStrike
The cybersecurity threat to small- and medium-sized businesses (SMBs) continues to grow as cybercriminals recognize both how vulnerable these businesses can be and the potential value of the data they hold. It is critical for SMBs to be aware of the threats they’ll face and how to defend against them. SMB breaches don’t often make headlines, which has led many to believe they fly under attackers’ radars.
In reality, they are among the lowest-hanging fruit for threat actors to exploit — and the data shows cybercriminals are taking advantage: 76% of SMBs surveyed in a 2022 study were affected by at least one cyberattack in 2021, an increase from 55% who said the same in 2020. Sixty-three percent of SMBs surveyed in a separate report say they face increasingly advanced cyberthreats, including ransomware and identity-based attacks (2022 CrowdStrike SMB Survey).
These threats arrive in many forms. The 2022 Verizon DBIR found system intrusion, social engineering and privilege misuse represent 98% of breaches affecting small businesses; further, credentials made up 93% of data compromised in SMB attacks. Over time, more organizations fear they’ll be the next target: a CNBC survey of 2,000+ small business owners found 61% of small businesses with 50+ employees are concerned they’ll be hit with a cyberattack within a year.
Cyberattacks can create significant financial pressure on SMBs, which is a huge concern in a tough macroeconomic climate. A recent survey found that 60% of SMB victims closed their doors within 6 months of an attack. While many SMBs are familiar with malware and may have installed what they perceive as “good enough” security such as basic antivirus software to combat these kinds of attacks, the reality is the threat landscape is much more complex and sophisticated than it used to be. Cybercriminals continue to evolve their strategies at a breakneck pace to bypass traditional security tools, making traditional AV systems increasingly less effective in protecting SMBs.
Many adversaries employ human-engineered methods to break into businesses of all sizes. Throughout 2022, there has been an increase in identity-based attacks and the development of sophisticated file-less techniques bypassing traditional multi-factor authentication defences.
Adversaries are going beyond credential theft, instead using techniques like pass-the-cookie, golden SAML and social engineering with MFA fatigue to compromise identities. According to 2022 CrowdStrike threat data, 71% of breaches forgo malware entirely to evade legacy antivirus software searching for known file- and signature-based malware.
The evolution in adversary techniques shows no sign of slowing in 2023, but with limited budgets and staff, it is imperative SMBs make the most of their resources and time to stay toe-to-toe with even the most advanced adversaries.
A good offence is a great defence. SMBs should think beyond threat detection to focus on threat prevention as well. Many SMBs opt for a managed services approach to augment limited time, resources and expertise. In addition, the following best practices can have a tremendous impact on the strength of your defences:
- Educate your employees: Your entire workforce should be aware of the types of security threats and social engineering attacks they face at work, such as phishing, smishing, honey trapping and more.
- Enforce multi-factor authentication (MFA): As identity becomes a critical component of cyberattacks, MFA provides an extra layer of defence so you can be sure it’s an employee, and not an attacker, gaining access to systems and resources.
- Perform regular backups of critical data: If a breach hits your small business, you’ll be glad you backed up your data in the cloud. The cloud provides better accessibility and visibility into data backups, along with faster execution that further minimizes downtime. It’s worth noting an attacker may encrypt backups if they gain access to your systems, so it’s critical to create a strong defence.
- Keep up with software patches: Data breaches often start when an attacker exploits an unpatched vulnerability. Keeping software up-to-date ensures this vector is blocked. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has an updated list of known exploited security flaws.
- Lock down your cloud environments: Protect your cloud drives (such as Box or Google Drive) by implementing MFA and adhering to the principle of least privilege, which ensures employees only have access to the resources they need for their jobs.
- Implement and test your threat detection and response: Make time to analyze your environment and user behaviours for malicious or abnormal activities. Stay current on threat actors, tradecraft and indicators of attack. Define, document and test what a successful incident response looks like. Plan for the “when,” not the “if.”
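An added example (not from the original article) of the kind of user-behaviour check the last item describes, applied to MFA fatigue: it flags a burst of rejected or unanswered push prompts for one account and, separately, an approval that follows such a burst. The log format, event names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events: "<ISO timestamp> <user> <result>" (format is an assumption).
SAMPLE_LOG = """\
2023-01-10T02:14:05 alice push_denied
2023-01-10T02:14:40 alice push_timeout
2023-01-10T02:15:10 alice push_denied
2023-01-10T02:16:02 alice push_timeout
2023-01-10T02:17:30 alice push_denied
2023-01-10T02:18:45 alice push_denied
2023-01-10T02:20:11 alice push_approved
2023-01-10T09:00:03 bob push_denied
2023-01-10T09:00:41 bob push_approved
2023-01-10T10:00:00 carol push_denied
2023-01-10T10:30:00 carol push_denied
2023-01-10T11:00:00 carol push_denied
2023-01-10T11:30:00 carol push_denied
2023-01-10T12:00:00 carol push_denied
"""

WINDOW = timedelta(minutes=10)  # assumed look-back window
THRESHOLD = 5                   # assumed number of failed prompts that counts as a burst
FAILED = {"push_denied", "push_timeout"}

def parse(log):
    """Yield (timestamp, user, result) tuples from the assumed log format."""
    for line in log.strip().splitlines():
        ts, user, result = line.split()
        yield datetime.fromisoformat(ts), user, result

def detect_mfa_fatigue(log, window=WINDOW, threshold=THRESHOLD):
    """Return alerts as (user, time, kind, failed_prompts_in_window)."""
    recent = defaultdict(deque)  # user -> timestamps of failed prompts inside the window
    alerts = []
    for ts, user, result in sorted(parse(log)):
        q = recent[user]
        while q and ts - q[0] > window:  # drop prompts older than the window
            q.popleft()
        if result in FAILED:
            q.append(ts)
            if len(q) == threshold:      # alert once when the burst reaches the threshold
                alerts.append((user, ts.isoformat(), "push_burst", len(q)))
        elif result == "push_approved":
            if len(q) >= threshold:      # approval right after a burst: treat as likely compromise
                alerts.append((user, ts.isoformat(), "approved_after_burst", len(q)))
            q.clear()
    return alerts
```

An `approved_after_burst` alert is the one to route to incident response first, since the session it created may already be in use.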
Once you’ve covered the basics, consider intel-driven defence to support detection and response. Understanding threat actors does not need to be complex or time-consuming, as long as the right threat intelligence is available. Attribution enables security teams to understand their true risk posture by defining who could come after them and how, and to adjust their security strategy based on these facts.
Cybersecurity is a big challenge for SMBs, but it is possible to build a strong security posture and protect your environment from today’s threats — even with limited resources. Rethinking your security strategy and upgrading your defences now can make a tremendous difference in getting through a cyberattack if – or when – disaster strikes.