Cybersecurity risks for SMEs and the self-employed

Cybersecurity risks are a growing concern for SMEs and the self-employed. Cyber-attacks have become commonplace and it is increasingly common to hear data such as that confirmed by Interpol, which indicates that in the first quarter of 2020 alone, 907,000 spam emails, 737 malware incidents and 48,000 malicious URLs were detected, all related to the coronavirus.

This increase in cyber-attacks has led companies and public bodies around the world to increase their budgets to defend themselves against these threats. In fact, the National Cybersecurity Institute (INCIBE) will manage 260 million euros in aid this year to strengthen business cybersecurity capabilities.

Last year INCIBE handled more than 130,000 serious cybersecurity incidents, and cyber attacks increased by 80%, with almost 40,000 per day.

Forecasts indicate that this figure will continue to rise. Hackers are targeting those organisations that are not as well protected and that tend to have a small or medium-sized business profile. According to the State of Website Security and Threat Report, 75% of SMEs believe that attacks will occur more frequently in 2021.

The top four cybersecurity risks facing SMEs and the self-employed

Ransomware

Ransomware is a type of malware that prevents users from accessing their system or personal files. Precisely this type of attack not only reaches the private sphere, but a few weeks ago, for example, it was used in the attack on the Public State Employment Service (SEPE). These attacks, in which the attacker usually asks for payment in order to recover the files, are growing all the time. In particular, in Spain there has been a significant increase in ransomware attacks since the start of the pandemic.

The main entry point for this type of threat is still phishing. It is recommended that company employees take training and awareness courses. In addition to protecting and keeping their computers up to date to prevent computer infection.

Automation of attacks

Cybercriminals have started to implement new technologies in their attacks, such as Artificial Intelligence (AI), Machine Learning and Deep Learning, to learn from each new attack and improve the next one. According to data from the Spanish Data Protection Agency (AEPD), 1,460 personal data security breaches were recorded in 2019, tripling the number of 2018 (547).

Ideally, companies should achieve a mature level of cyber security composed of several layers of protection supported by technology, such as Threat Intelligence that provides information on the intent, opportunity and attack capability of cyber criminals, allowing them to improve their defences against such attacks.

Attacks in the Cloud environment

The pandemic has changed the way companies work. Many have turned to cloud storage to facilitate teleworking and team-wide access to documents. However, it is important to be aware that this type of storage can carry some dangers, if appropriate protection controls are not used.

According to a recent McAfee report, the number of external threats targeting cloud services has risen by 630%.

This type of attack leads to the total or partial disabling of services, so it is advisable to increase the usual level of protection and opt for an approved cloud and cybersecurity provider that offers solutions that are capable of adapting to the reality of each company. Precisely because of their size, SMEs are a vulnerable target in this type of environment.

Cyber espionage

During 2020 there has been a significant increase in attacks against industrial property aimed at stealing confidential data and information. Cases of attacks such as those suffered by the European Medicines Agency, the Spanish pharmaceutical company Zendal or FireEye itself are just a few recent examples of such threats.

This is why it is key to have internal defence systems and a reliable and responsive cyber security provider. One such defence system is Deception services. These systems generate traps that simulate network architectures and sensitive corporate content. This prevents the cybercriminal from gaining access to real classified information.

In an increasingly connected world, SMEs must protect their data as well as possible and continuously validate the vulnerability of their systems. Cybersecurity risks for SMEs and the self-employed are increasing and it is important to be informed and alert to the new types of cyber-attacks. In addition to being at the forefront of technology to be able to stop this type of attack.