Did you know that if all small and medium businesses closed, the GDP and global economies would collapse? SMEs are a fundamental part of the heart and economic engine of our society, representing 90% of all businesses worldwide. According to the World Bank and Statista, the approximately 332,9 million enterprises contribute up to 40% of national income (GDP) in emerging economies, playing a key role and adding value to every sector of the economy.
Η Check Point® Software Technologies Ltd. cyber security provider, publishes recent research which states that SMEs are one of the most frequent targets of cyber attacks, with ransomware already a significant threat to more than 80% of SMEs in Europe.
However, investments in cybersecurity are still among the most important pending needs for these businesses.
In accordance with Check Point Software's SMB Report 2022 από μια έρευνα σε περισσότερες από 1.000 μικρομεσαίες επιχειρήσεις στις USA, τη Γερμανία, το Ηνωμένο Βασίλειο και τη Σιγκαπούρη, διαπιστώθηκε ότι δύο από τις μεγαλύτερες επιπτώσεις που έχουν οι κυβερνοεπιθέσεις στις μικρομεσαίες επιχειρήσεις περιλαμβάνουν τα χαμένα έσοδα (28%) και την απώλεια της εμπιστοσύνης των πελατών (16%).
In reality, however, the damage is not always limited to businesses alone. The methods used in cyberattacks continue to evolve, giving rise to so-called double and triple extortion ransomware attacks, in which, after thetreatment of the hacked company and holding it for ransom, the users affected by the breach are getting in touch again and asking them for more money.
Για αυτόν τον λόγο, η Check Point Software θέλει να διασφαλίσει ότι οι ΜΜΕ γνωρίζουν τους τρέχοντες κινδύνους στο network, καθώς και να τις βοηθήσει να επιτύχουν ψηφιακή ανθεκτικότητα που τους επιτρέπει να συνεχίσουν να αναπτύσσονται με ασφάλεια, προσφέροντας τους μερικές συμβουλές όπως:
- Regular backups: one of the main goals of ransomware is to disable access to data. In this way, and sometimes with the added threat of deletion, cybercriminals seek ransom payments from their victims. Creating and storing automated data backups allows companies to quickly recover from these cyber attacks, minimizing the frequency of these attacks.
- Update devices on a recurring basis: there are many media and users who do not proceed with updates as soon as they receive one or leave it for later, which is a terrible mistake. The purpose of applying patches and updates is to plug or fix any vulnerability that exists in the device or application, being a critical element in defending against ransomware attacks. Otherwise, cybercriminals can take advantage of the latest exploitable vulnerabilities they've discovered by targeting their attacks on systems that are still vulnerable.
- User Authentication: just as we don't share our passwords or even our house keys, it's just as important for companies to ensure that only the right people have the necessary access. A recurring type of cyberattack focuses on Remote Desktop Protocol (RDP) access with stolen user credentials. Using two-factor user authentication adds an extra layer of defense to prevent attackers from using these compromised passwords or accounts.
- Reducing the attack surface: given the high potential cost of a ransomware infection, the best strategy is to focus on one strategy preventions, preventing attacks before they develop rather than the current traditional detection (which means the organization allows the attack to take place and then rushes to mitigate its impact).
- Develop a solution against it ransomware: given its data encryption methodology, ransomware leaves a unique digital footprint when it runs on a system. Anti-ransomware solutions are designed to recognize these traces and detect these attacks more effectively.
- Cyber Security Education and Awareness: Most malware targeting SMBs is often spread via phishing emails, and the weakest link in the chain is often employees. In Greece, according to Check Point's Threat Intelligence Report, 97% of malware monthly in the last 6 months came from emails. Therefore, it is vital to educate employees on how to recognize and avoid potential threats of this type with training and support of relevant security tools.