Cyberattacks: definition, challenges for SMEs and the most common attacks

After reading this article, you will be able to better understand:
- What is a cyberattack?
- What cyberattacks represent for SMEs
- The monetary implications of cyberattacks
- The most common types of cyberattacks
Cyberattacks: a top concern for SMEs
SMEs are increasingly relying on cloud solutions, and the digital transition is in full swing, raising many questions about cybersecurity. Did you know that in 2018, 58% of cyberattack victims were small businesses? The term is increasingly present in the news, but what does it really represent?
This article will outline the challenges of cybersecurity in SMEs and will define what a cyberattack is, as well as briefly detailing the most frequently encountered ones to give you an overall picture.
A recent study by AppRiver, a cybersecurity solutions provider, found that the majority of managers of small and medium-sized businesses with 1 to 250 employees were more concerned about malicious attacks than floods, fires, a transport strike, or even a break-in at their offices.
Costs associated with cyberattacks are skyrocketing
In 2017, the costs associated with a data breach increased by 11%, and a Kaspersky study found the average cost of a cyberattack to be US$1.3 million for large companies, while it was US$117,000 for SMEs.
Of course, it's easier for large companies to invest the big bucks to get out of these situations. Consider Equifax, which just agreed to pay a £340 million fine following two massive data breaches in 2017.
The reality is quite different for small and medium-sized businesses, which cannot afford to spend such sums. It is therefore important for managers of these companies to know how to identify potential cyberattacks and how to protect themselves against them.
What is a cyberattack?
According to the Antidote dictionary, a cyberattack is a "malicious act committed against a computer system via a computer network." These attacks, carried out by cyberhackers or cybercriminals, are classified into four categories: cybercrime, image damage, espionage, and sabotage.
The most common types of cyberattacks
Some of the types of attacks that compromise the security of SMEs include:
- Denial of service (DoS)
- Phishing
- Man-in-the-middle
- Virus (Malware)
- Injection
- Insider trading
1. Denial of service (DDoS – Distributed Denial of Service)
A denial of service attack is a malicious attempt to disrupt the traffic of a server, service, or network by bombarding the target or its surrounding infrastructure with a flood of internet traffic.
These attacks exploit a system of compromised machines, called zombies or bots, which send multiple requests to the target's IP address and prevent legitimate requests from being served. This army of zombies can consist of computers and networked devices.
2. Phishing
This attack is one of the best known and oldest. Phishing attempts to retrieve confidential data from victims, such as usernames, passwords, credit card information, or network access information.
This malicious act relies on social engineering to manipulate victims into performing an action, such as clicking on a link or downloading a document. Phishing usually begins with a fake email that appears to come from a recognized person but differs in appearance from a genuine one.
3. Man-in-the-middle
A man-in-the-middle attack is similar to traditional phishing, but begins with communications between two people. This could be between an individual and their bank, or between a boss and one of their employees.
A cybercriminal who intercepts the messages then inserts themselves into the conversation and sends a fraudulent message to one of the parties. This could be an email with a link to a fake website that looks very similar to that of a provider and asks for the customer's login information.
There are multiple ways for cybercriminals to execute these attacks, but often they originate from a poorly protected network.
4. Malware
Perhaps the most well-known form of attack, malware, the famous computer virus, is the standard-bearer of risks associated with IT.
Computer viruses are part of the malicious software family, commonly referred to as malware, and constitute only a small percentage of it. In fact, pure viruses are on the decline and account for only 10% of all malware found on the internet.
Some of the most common malware types include Trojan horses, cryptoviruses, adware, and spyware. Cryptoviruses, which have seen an unfortunate surge in popularity among cybercriminals, are software programs that lock down a victim's systems until a ransom is paid.
5. Injections
Injection attacks target websites and web applications and are recognized as the most significant security risk to web applications.
Injections are part of a broad family of cyberattacks in which criminals gain access to a program using a request that is interpreted as a command by the targeted application. This action alters the program's execution and allows the hacker to access a variety of information.
The most common are SQL injections and Cross-Site Scripting (XSS), especially in applications that are no longer supported. This is why you should always update your applications!
6. Insider trading
We are more used to seeing this term in the field of finance where a person holding confidential information uses it to invest in securities.
In computing, insider trading, which is part of internal threats, occurs when someone who has confidential information, such as a password or a key to a server room, uses it to commit a cybercrime.
For example, they could steal company data, as was recently the case at Desjardins, or sell this information to cybercriminals.
The key: cybersecurity
It is imperative for SMEs to protect themselves against the multitude of attacks they may face. By employing preventative and monitoring methods, the vast majority of cyberattacks can be countered. It all starts with implementing good cybersecurity practices internally.
Nexxo IT Solutions specializes in providing IT services to SMEs, and security is one of the services they offer. Contact us now to find out how we can help keep your business secure and running smoothly.
About Nexxo IT Solutions
Nexxo Computer Solutions specializes in providing IT and technology services to Quebec businesses. Its mission is to offer Quebec companies IT services tailored to their needs. Acting as an external IT department, it handles all of a company's IT tasks, allowing it to focus on its business activities. It achieves this by collaborating closely with its clients and putting their interests at the center of its concerns.