Did you know the average total cost of a data breach is now up to $3.92 million?1 There are all types of network vulnerabilities, and between excessive ransoms and substantial business shutdowns, attacks are only getting more devastating and costly. Throughout the coming year and beyond, it’s more crucial than ever that small and medium-sized businesses (SMBs) and MSPs double down on cybersecurity.
Here are the top 4 data breach vulnerabilities you should know about.
1. Phishing and Whaling
Phishing attacks are one of the biggest causes of data breaches worldwide. The latest data from the 2019 Verizon Data Breach Investigations Report indicates most successful breaches involve phishing and the use of stolen credentials.2 In fact, 90% of the malware businesses encounter is delivered via email.3
Phishing, which targets individuals, and whaling, which targets executives and high-value assets, are criminally crafted email campaigns that aim to trick people into downloading malware or entering sensitive data. The good news is that end user security awareness training and cybersecurity products are excellent ways to thwart common data security threats such as phishing and whaling attacks.
2. Ransomware and Worms
Ransomware is one of the most disruptive and prolific security threats today, and it’s shown that it can debilitate any business. SMBs often lack sophisticated security and backup infrastructure, which makes them particularly vulnerable to these attacks. Popular ransomware variations lock organizations and end users out of their computers, data, and networks. This halts critical computer systems until the victim pays a ransom. Although ransomware typically targets businesses via phishing attacks, hackers often use methods like worms to infect all computers that connect to a network.
The worm-like capabilities of ransomware enables it to quickly and exponentially attack computers across your clients’ networks, including everyone they do business with. That’s why, when it comes to ransomware, an ounce of prevention is worth a pound of cure.
3. Remote Desktop Protocol (RDP) Attacks
Commonly used for its convenience, RDP allows administrators to remotely connect to their users’ computers. Unfortunately, cybercriminals are notorious for exploiting RDP to steal sensitive data and installing backdoors and other crippling compromises like ransomware. Hackers have developed brute force password-cracking programs that can try millions of possible password variations to access remote computers. The best way for administrators to avoid RDP exploits and data vulnerability is to switch it off if they don’t need it. If they do, then using two-factor authentication will help counter brute force password attacks.
4. WiFi Hotspot Vulnerabilities
It’s no surprise that public WiFi can put organizations in harm’s way. Hackers have a plethora of ways to steal data and intercept communications via man-in-the-middle (MITM) attacks, packet sniffing, session hijacking, and spoofed access, just to name a few. Virtual private networks (VPNs) encrypt connections to make data less vulnerable, but attackers may still be able to find and exploit security holes.
If you have a remote workforce, it’s important to educate end users on best practices for connecting securely to WiFi networks. If you provide public WiFi for guests, customers, or contractors, then it’s just as important that you keep visitors safe by adding security for your WiFi. Consider a DNS-layer security solution.
What can MSPs and businesses do to secure themselves
against data vulnerability and attacks?
1 IBM. “2019 Cost of a Data Breach Report.” (July 2019) Verizon.
2 “2019 Data Breach Investigations Report.” (May 2019)
3 Based on threats identified by Webroot after scanning real-world network traffic.
4 Webroot Inc. “2019 Webroot Threat Report.” (February 2019)