Over the past year, the quality and frequency of cyberattacks on small and medium-sized businesses (SMEs) has increased, thanks in large part to AI and automation. While cybercriminals are building off tried and true tactics, advances in technology are making it easier to find businesses that have vulnerabilities – and to exploit them.
Here are some of the top threats and trends SMEs face in the cybersecurity landscape today.
Social engineering
Social engineering involves manipulating individuals into disclosing private information. While social engineering attacks exploit human behaviour – they play on emotions such as trust and urgency to trick individuals into giving up sensitive information – technology advancements have helped cyber criminals cast a wider net and therefore realize greater success.
“AI is being used in a variety of different ways now,” explains Argast. “Better written content is an example where it’s tailored to the particular target. If you want to mimic a CEO, for example, you can feed in a bunch of the CEO’s previous writing and use AI to draft an email that has the same tone and language.”
Argast further explains that video and voice tools are becoming more prevalent – deepfakes of employees have successfully convinced people to transfer funds. “You can use a four-second sample of somebody’s voice to launch simulated messages and have real-time conversations,” he adds.
Third party risk
Argast explains that most businesses do not store their own data, so it’s hard for SMEs to control and manage the optimal level of protection. “Most organizations today don’t run their own technology stacks,” he says. “They don’t host their own data. Instead, they rely on SaaS1 providers and cloud providers of various pedigrees to do that. And third parties are getting compromised all over the place.”
With an ability to target suppliers with multiple partners, cybercriminals can gain access to thousands of organizations through one successful breach.
Business email compromise
In a business email compromise scam, criminals send an email message that appears to come from a known source making a legitimate request. Again, AI has given these scams a boost, making them more sophisticated and easier for scammers to carry out.
“Business email and transfer fraud is much more sophisticated than many people realize. It’s not a sketchy email from your CFO requesting a financial transfer to an offshore account,” says Argast.
“The business email fraud that’s happening today, with these wide-net attacks, enables attackers to live inside your email systems for weeks or months and insert themselves into existing chains of communication, which makes their activities seem highly credible. And they’re going to target the single largest financial transfer you’re going to do in six months.”
How to protect your business
Ultimately, one of the best ways to protect your business is to seek help from cybersecurity experts. “A lot of small business owners think they have to build this themselves, but there are good service providers out there who focus on delivering cybersecurity services at a fraction of what it would cost to build these kinds of capabilities in-house,” says Argast. “They know best practices, and they can scale their services to the size of the business.”
Read the full article by The Royal Bank of Canada here
