May 17, 2020 •
For anyone even a little familiar with this movie, you may remember the famous line from Ed Harris (playing the flight director in Houston): “Failure is not an option.”
He said this despite the fact so many things went wrong all at once.
It struck me recently that there are interesting parallels for a business trying to deal with all the shots coming out of COVID-19, both early on and over time. They were fast and furious at the beginning; I am sure we all agree.
But what does the small business threat landscape look like now?
I thought about some key elements small businesses need to survive and even thrive in a
According to my colleague Tom Callahan, who leads the ControlScan Security Operations Center (SOC), the main thing we see within the small business threat landscape right now is the increase in phishing and credential theft, along with private data theft of personally identifiable information (PII) and private health information (PHI). We had a one-two punch this year with the pandemic occurring in tax season; there was a major influx of not just scams to get PII for stealing tax refunds, but also with using coronavirus fears to capture that same data and use it.
Attackers currently have an audience that is scared and vulnerable, and they are trying to exploit that for theft of information, as well as to deploy malicious software to personal and corporate systems through malicious emailed documents, websites, etc.
Beyond that, the COVID-19 pandemic has pushed the capabilities of many companies that were forced to quickly go to “work from home” operations without the relevant security in place. Most companies have spent years building up the security, compliance and protections within the “four walls” of their organizational systems and networks. But the focus has been on the systems and activities occurring in the workplace. Now you have a workplace that is expanded out to home offices, with the sudden introduction of laptops or other mobile devices, and potentially the creation of untested and improperly secured remote access methods.
Many don’t have the expertise—or the budget—to enact these changes in a quick fashion, and in the right way. They have done everything they can to remain functional, but likely have not considered, or accepted the risk, of an improperly enabled remote workforce.
Here are some specific vulnerabilities the ControlScan SOC sees continuously exploited:
The breach cases—especially those involving payment card data—over the past few years continue to reveal three key issues that show up as a pattern:
Ask questions of your trusted advisers and keep in mind that the human element is always a key factor. Creating an environment with ongoing education and a healthy skepticism for unsolicited emails is important. Think like a risk manager and start somewhere is our call to action!
Learn more about the current small business threat landscape and get our tips for protecting your business. Subscribe to this blog today.