Your SMB May Be More Vulnerable to Malware If You Live Here

Your SMB May Be More Vulnerable to Malware If You Live Here

If you work in Maine, Arizona, Texas or Alabama, you have a greater chance of malware encounters than in other states. Researchers with Malwarebytes found that geographic location matters when it comes to who gets targeted for malware attacks. These states have a higher rate of industries most often targeted for malware, including aerospace, automotive, health care, technology and oil and gas.

What’s more, geographic location plays a big role in how much malware an SMB is likely to encounter, mainly if they are in Western or English-speaking countries, according to Adam Kujawa, director of malware intelligence for Malwarebytes.

"Most cyber attacks target the largest populations with the most resources and the U.S., UK, Canada and other parts of western Europe are exactly the kind of people these guys want to attack,” Kujawa says. “When you get more specific, such as with states and cities, it’s usually more about the kinds of industry and knowledge about cyber threats that causes most infections rather than actual targeting.”

Just as you would be aware of the overall crime statistics for a community before setting up headquarters, it is now equally important to be aware of the cyber crime statistics for an area. This includes understanding the types of threats out there, how they are spread, and what security solutions are needed to stop them from infecting your company network.

Know what solutions are available

"This includes utilizing security solutions like anti-malware software that relies on behavioral identification of threats, in addition to signature-based identification, to stop the malware that hasn’t been seen before,” Kujawa says.

Your actual location is just one aspect of geographical-based malware attacks. Like other types of crime, cyber crime can build in a specific neighborhood. Attacks can originate from another small business in the area that had been compromised and used as a pivot point to target your network.

Criminals have SMBs in cross-hairs

Although some states are hit at higher volumes than other states, SMBs everywhere are under attack. Businesses in all 50 states have seen an increased number of malware detections. For example, Malwarebytes’ research found that in 40 states, total malware incidents more than doubled in the beginning of 2017 as compared to the first quarter of 2016. There is no indication that the volume of malware detections will be decreasing any time soon, especially for SMBs.

"SMBs are in a unique and dangerous position when it comes to how they are targeted by cyber criminals,” Kujawa says. First, many SMBs simply don’t have the ability to deploy solutions powerful enough to ensure safety from the same attacks that affect consumers because they have smaller budgets that don’t support sophisticated security tools or security professionals.

Attacks often come via third parties

Second, SMBs also are now targeted directly, as hackers take advantage of third-party relationships between large and small companies. Kujawa says there are incidents where hackers directly infect a small business in hopes of extorting them to decrypt encrypted files or to infect the network in order to gain access to the networks of larger corporations.

SMBs also make targeting easy for hackers, with public facing email addresses and websites, for example. The readily available email addresses could be used to send spear phishing emails that appear to come from legitimate sources that frequently work with the business. The website could be exploited if it has lax security deployed on it, allowing the criminals to use things like SQL injections to gain access to back-end systems and possibly sensitive data.

SMBs often don’t have the means

"SMBs are vulnerable when they deal with the storage of personal or sensitive information, such as financial and/or medical records,” Kujawa says. “Unfortunately, many small businesses might also not have the resources to completely secure this data as much as it would be with larger organizations. Cyber criminals are aware of this and utilize it when directly targeting SMBs.”