As data breaches become increasingly common – with big names like Nedbank, Momentum and Experian making the headlines – a cybersecurity expert has warned that SMEs are just as susceptible.
J2 Software CEO John Mc Loughlin says while many small businesses assume they are too small to be attacked, businesses of all sizes are targets.
Global research company Gartner predicts that by 2024 personal liability will fall directly onto many CEOs for failing to protect systems from cyber incidents. It believes that CEOs will no longer be able to plead ignorance or retreat behind insurance policies. The financial impact of cyber-physical security (CPS) attacks resulting in casualties to human life is predicted to reach over $50 billion by 2023.
Account takeover is rife, he says, and the use of weak or reused passwords is a contributing factor. “Once an attacker has the credentials, all they need to do is wait. They set rules, forward emails, and add themselves to management groups – waiting for the right piece of information to target their victims.
“We recently discovered in a pool of over 400 mailbox rules on Microsoft 365 there were four malicious rules configured that scrape for financial information and then forward the information out to a Gmail account. These rules were in place for some time at this company and they were unaware. The rules were set using known user credentials and it was never checked.”
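A review of the kind described above can be automated over an export of mailbox rules. The following is an added example, not code from the article or from J2 Software: it assumes the rules were exported to JSON with field names following Exchange Online's Get-InboxRule output, and the internal domain, keyword list and sample rules are constructed.

```python
import re

# Assumptions: accepted domains and keyword list are placeholders to adapt.
INTERNAL_DOMAINS = {"example.co.za"}
FINANCE_TERMS = {"invoice", "payment", "bank", "remittance", "statement"}
FORWARD_FIELDS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
KEYWORD_FIELDS = ("SubjectContainsWords", "BodyContainsWords",
                  "SubjectOrBodyContainsWords")
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")


def external_targets(rule):
    """Return forwarding addresses whose domain is not an internal domain."""
    found = []
    for field in FORWARD_FIELDS:
        for entry in rule.get(field) or []:
            for m in ADDR_RE.finditer(entry):
                if m.group(1).lower() not in INTERNAL_DOMAINS:
                    found.append(m.group(0).lower())
    return found


def finance_keywords(rule):
    """Return the finance terms that appear in the rule's match conditions."""
    words = {w.lower() for f in KEYWORD_FIELDS for w in (rule.get(f) or [])}
    return sorted(t for t in FINANCE_TERMS if any(t in w for w in words))


def triage(rules):
    """Return sorted (severity, mailbox, rule name, targets, terms) findings."""
    findings = []
    for rule in rules:
        targets = external_targets(rule)
        if targets:  # disabled rules are reported too; they can be re-enabled
            terms = finance_keywords(rule)
            findings.append(("high" if terms else "review",
                             rule["MailboxOwnerId"], rule["Name"], targets, terms))
    return sorted(findings)


# Constructed sample export: one finance-scraping rule, one benign, one personal
SAMPLE_RULES = [
    {"MailboxOwnerId": "accounts", "Name": ".",
     "ForwardTo": ['"x" [SMTP:collector@external.example]'],
     "SubjectOrBodyContainsWords": ["Invoice", "payment"]},
    {"MailboxOwnerId": "sales", "Name": "To assistant",
     "ForwardTo": ['"PA" [SMTP:pa@example.co.za]']},
    {"MailboxOwnerId": "ceo", "Name": "Newsletter copy",
     "RedirectTo": ["me@personal.example.net"]},
]
```

Rules that forward externally and match on financial terms are ranked "high"; any other external forward is marked "review" so the mailbox owner can confirm it.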
Focusing on the network is simply not sufficient, he adds. That’s evident from the spate of breaches in the news each day. “Businesses must push towards a user-centric approach to security. The users are the ones accessing information and these are the places that the attacker will target. Your network is where your user is. Increased visibility is critical with the remote workforce and changing office landscapes.”