Thinking like a Cyber Criminal: Strategies to Keep Small Businesses Secure
It seems like every month we hear reports of another major cyber attack that has impacted a company. Just recently we’ve seen everything from a cyber attack that resulted in Toyota’s second data breach to a Florida town paying $600,000 to ransomware criminals.
And these are just the attacks that make the news.
What don’t necessarily make the news cycle are the attacks on small businesses. However, that doesn’t mean that these attacks don’t exist. In fact, Cyber Defense Magazine estimates that cyber criminals spend 43% of their time attacking small businesses.
Who are these attackers targeting the networks of small businesses, and what are their motivations?
We sat down with Attila Torok, Director of Security Engineering at LogMeIn, and asked him to dive into the mindset of these cybercriminals. In addition to the high-level overview below, Attila joined us for a live webinar where he covered this landscape in greater detail. The webinar is available to view on-demand here.
CYBER-CRIMINAL #1: Script Kiddies
Script kiddies are cyber criminals who mass email or deploy scripts in order to hack networks. For the most part, these cyber criminals operate independently and are not extremely technical. (They tend to use scripts or code that they find on the internet.) Therefore, in most cases, they are unaware of the damage they are causing with certain scripts. Script kiddies tend to target low-hanging fruit such as poor passwords or unpatched systems.
They are primarily motivated by the satisfaction they feel once they successfully hack into a network. These cyber criminals enjoy bragging to their networks about their cyber-criminal escapades. Compensation is a secondary motivator that also inspires these hackers.
CYBER-CRIMINAL #2: Organized Cyber Criminals
These cyber criminals are more educated and organized than script kiddies. They tend to be very tech-savvy and engage in cyber-criminal activity as part of their full-time occupation as product managers or engineers. Organized cyber criminals use a variety of methods for infiltrating a system, such as phishing and ransomware.
Like script kiddies, organized cyber criminals tend to focus on low-hanging fruit, where quantity over quality is the driver. Unlike script kiddies, organized cyber criminals are motivated completely by compensation. Their primary goal is to identify and steal valuable information to resell on the dark web. Therefore, their attacks can be more dangerous if sensitive data falls into their hands.
Both of these cyber-criminal types can be terrifying for a security-conscious small business, but there are steps small businesses can take to mitigate their risk of a successful attack. Attila recommends implementing these four must-dos in order to protect your small business from these criminals.
MUST-DO #1: Patch Your Systems
Creating a comprehensive plan to update Windows and third-party applications is no longer optional for IT teams. Cyber criminals are known to exploit unpatched systems in order to gain access to networks. In fact, according to the Ponemon Institute, 57% of cyber-attack victims report that they could have proactively prevented their attacks by installing an available patch, and 34% of these victims stated that they were aware that a vulnerability existed before they were attacked through it.
MUST-DO #2: Employ an Antivirus
To protect your end users when they receive malicious links or software, it’s essential that you have a strong managed antivirus in place.
To make your life easier, look for a software solution that lets you centrally manage both your patch management and antivirus from one platform. This provides a single-pane-of-glass view into your endpoint security, which can save your team valuable time.