The Single Biggest Threat to Small Business Security: Zero-Day Threats

If you don’t know something exists, it’s hard to protect against it. Therein lies the challenge of zero-day threats, the technical term for cyber threats that capitalize on previously unidentified software vulnerabilities.

Developers in all industries are skilled at creating “patches” of code to correct vulnerabilities in their software once they’ve been identified, but cyber criminals are relentless in searching out new vulnerabilities and quick to pounce when they find one. The time between a hacker spotting a weakness and the software developer releasing a fix is when businesses are most susceptible to zero-day threats. During this period, cyber criminals seek to capitalize on the vulnerability by writing malware and distributing it via websites and emails that include fraudulent links or attachments. Even after cybersecurity firms identify an exploit and create a patch, a business could still fall victim before the software is updated.

Cyber Crime Targeting Small Businesses Is Increasing Rapidly

Zero-day threats are on the rise. In 2015, the number of identified zero-day vulnerabilities more than doubled to 54, a 125 percent increase from 2014, according to the 2016 Internet Security Threat Report by Symantec. That’s an average of more than one new threat per week.

Large enterprises are at the greatest risk, but small businesses are increasingly targeted. In 2015, 43 percent of cybercrimes targeted small businesses. The consequences of an attack can vary, but they typically include disruption in business operations, identity theft (when attackers gain access to confidential information), financial loss, and compromised or destroyed data.

Although it’s impossible to completely eliminate the threat posed by hackers, there are steps every small business should take to increase overall digital health and protect against zero-day threats.

  1. Install, maintain, and monitor an industrial-grade firewall.
  2. Use professional-grade anti-malware software on all devices attached to your network.
  3. Keep all computer systems updated with the latest security patches.
  4. Create strong passwords and change them regularly.
  5. Limit administrative rights on computers to necessary users.
  6. Educate your team about opening unknown or suspicious emails.

That last point is important. Often cyber attacks are waged by sending phishing emails to employees. Phishing tricks a recipient into downloading an attachment, clicking a fraudulent link, or sharing confidential information, such as a bank password. Phishing has evolved into spear-phishing, a more targeted and often convincing approach in which the sender pretends to be someone in the recipient’s life, such as a trusted colleague, vendor, or client. Last year, spear-phishing emails targeting employees increased by 55 percent, according to the Internet Security Threat Report.

A Key To Small Business Cybersecurity: The Thorough Backup

Backing up business-critical files regularly is a vital step in keeping your business secure, especially since ransomware attacks are on the rise. In this type of attack, perpetrators hold a business’s computer system hostage until a monetary sum is paid.

Sometimes ransomware threats can live undetected within a system for days, weeks, or even months. The longer they exist in the host environment, the more valuable they become to the perpetrator, who now has even more data to use as collateral.

However, it’s hard for cyber criminals to hold your business hostage if you have an ironclad backup system. Instead, you can work with your IT partner to wipe the system clean and start fresh from your last backup. Just be sure the backup files are severed from your network so they can’t be compromised, and routinely test your ability to effectively restore them.

Maintaining your small business’s cybersecurity is a full-time job, made all the more challenging by zero-day threats. By adopting cybersecurity best practices, you’ll decrease your business’s likelihood of falling victim to an attack. And if a determined hacker does make it into your network, you’ll have a much easier time recovering and mitigating damage costs if you have a properly configured backup system in place.

Do you have the right backup system for your business? Give Anderson Technologies a call today at 314.394.3001 to discuss backup processes and to work together to devise a plan for protecting against zero-day threats.