When it comes to ransomware, just because you’re small doesn’t mean you’re safe. A recent article in the Wall Street Journal suggests that small-to-medium sized businesses (SMBs) who have become acquisition targets of larger firms or investment groups are in fact one of the hottest targets for another group: cyber criminals.
Let’s first consider the problems faced by all SMBs.
All SMBs are Vulnerable
There is a persistent myth among SMBs in general that they are unlikely targets for a cyber attack because they’re too small to be interesting to cyber criminals who could be going after a Home Depot or Equifax. The fact is, many bad actors – probably the majority – are not looking for the biggest target, but rather the one that’s easiest to penetrate.
Sixty-six percent of mid-sized firms suffered a ransomware attack in 2021. The average payout was a little over $800,000, but that figure only represents a small fraction of the total cost. Companies must also bear the cost of incident response, restoring data, general business disruption and, in many cases, a seriously damaged reputation.
Why are mid-sized companies so vulnerable? For starters, fast-growing companies often have a lot of technical debt. This may involve hardware that needs to be retired and replaced or, even more likely, key applications that haven’t been patched or upgraded to incorporate the latest security features.
IT departments in SMBs are chronically under-staffed, and security functions are nowhere near the top of the priority list. With limited budgets, paying for security specialists is a stretch, and for many IT professionals in SMBs, security is just one of many hats they wear. Budget issues also limit the variety and sophistication of the defense systems these companies can afford.
The Special Risk for Acquisition Targets
The bottom line is, all SMBs are natural prey for ransomware attacks and becoming an acquisition target makes them even more attractive. Not only will they not have enough money to pay a heftier ransom, but their IT systems may ALSO contain a back door to the organization that is acquiring them.
Another reason being courted for acquisition – or simply getting that next round of funding – presents security problems is because of the attention drawn by the acquisition. There’s a natural desire to publicize these events for both the acquisition target and the acquiring company. Being acquired by a large and highly respected company is a vote of confidence that may have a positive effect on the acquisition target’s sales. The acquiring company can boast new capabilities needed by its customer base.
All this publicity is bound to attract cyber predators. Like everyone else in business, they follow the media looking for opportunities, and they are becoming more and more successful at exploiting their victims.
Safety in Isolation
Email is the vector for more than 90 percent of cyber attacks, and most SMBs make at least some efforts to prevent this type of infiltration, typically through a combination of email filters and employee education. But this approach is obviously not working. Of course, there are many other defense tools – intrusion detection and remediation, for example – but they too are far from successful, as statistics demonstrate.
The one approach that can stem the tide of intellectual property theft and ransomware involves isolation from the browser, because the link between the browser and the malignant URL is what opens the path to a successful exploit. Even in today’s world, where employees continue to work at home in large numbers and can access data from mobile devices virtually anywhere, technology incorporated in those personal devices can be highly effective in defeating malware. In fact, an end-point oriented, zero trust approach where every URL is isolated and evaluated is the only approach that makes sense.
An isolated URL can be compared to an explosive device that’s been surrounded by barriers that can contain any explosion. If malware is present, it can launch, i.e., “explode,” without causing any harm. Because modern CPUs have become so fast and efficient, the statistical analysis required to analyze every URL presented to a system can be accomplished without significant performance penalty.
Isolation is particularly useful to smaller companies involved in M&A activities because these activities always involve a high degree of secrecy related to intellectual property and financial agreements.
Defeating ransomware attacks and data theft at the browser level is an entirely new approach to fighting cybercrime, and given the growing sophistication of the attacks, it couldn’t have arrived at a better time.
