Cyber Threat Landscape Concerning Startups and SMBs

Why so vulnerable?

• Several startups and SMB owners might feel up a gum tree when it comes to cyber risk evaluation.
• Nearly 50% of owners do not provide their workforce with any training related to cybersecurity.
• Many SMBs and startups do not realize that they are under the risk of cyberattacks, since they do not have the appropriate resources to keep up with the evolving threat landscape.
• Moreover, many spend on pirated or cracked software to cut down on costs.

Challenges faced

• Data breaches - this is one of the fastest-growing cybercrimes. This week, the stolen databases of 18 websites were put for sale on a hacker forum for free. All the databases belonged to startups.
• Extortion - the most common form of extortion is ransomware; SMBs constitute 71% of ransomware victims. Another form of extortion is Denial of Service (DoS) attacks. In the later part of March, the servers of German food delivery startup Liefrando were hit and the attackers demanded a ransom of 2 BTC.
• Phishing - phishing is one of the biggest threats to small businesses. Criminals attack small businesses through web applications, constituting around 70% of breaches.

Stay safe, but how?

• The first step would be to sensitize the workforce about cybersecurity practices and identifying and responding to threats. In addition to this, dealing with spear-phishing emails should be emphasized.
• SMBs and startups are recommended to implement strong Identity and Access Management (IAM) systems to prevent unauthorized data leaks.
• Continuous vulnerability management should be conducted to remediate code-based vulnerabilities. A more proactive intel-based approach can also help thwart threats at an early stage.
• Other recommendations include boundary protection, data protection, limitation and control of network ports, protocols, and services, and account monitoring.

The bottom line