Cyber-attacks are becoming much more prevalent against small businesses. What is the reason for this? With big name hacks targeting larger corporations, those corporation in turn have spent a lot of money beefing up their IT Security framework. Smaller businesses however, tend to have a much different mindset. A majority of small businesses tend to have more of a reactive approach rather than a proactive approach. A big reason for this is costs. Up-front consulting fees tend to range in the tens-of-thousands of dollars. Between that and the costs of fixing security holes found by the consultants, most small business owners tend to bite the cost only after a cyber-attack has occurred. Unfortunately, this knee jerk reaction can end up costing a company more than a few thousand dollars. Often, reputations are on the line as well. Breaches must be reported to their customer base, and can often lead to loss in confidence from their clients. This can translate into a much deeper loss, as customers start looking for more secure solutions.

Another shift occurring in the information security world, is with whom the hackers are targeting. In previous years, top-level executives have always been the top targets for hackers. Compromising an executive’s email or computer can reveal interesting facts that the company would much rather keep under wraps. However, these executives often have very limited security permissions, which can make it difficult to pivot throughout the rest of the network. For this reason, system administrators are often finding themselves in the cross hairs. More often than not, these administrators hold credentials that can unlock much more than just a few secret emails. A sysadmin’s account can unlock further access into authentication servers, backend databases, or even access management systems or security systems. Compromising one of these accounts can lead to damaging financial or proprietary losses.

So what can we take away from this?

Most cyber-attacks start with phishing, which is a form of social engineering. Anyone can be a target, and the hackers understand that the weakest link in any secure environment, is the employee. Take some time to learn about how to prevent becoming a victim of social engineering, and you can help to greatly increase the security of any network that you have access to.