Old Routers, Email Impersonators Raise Security Stakes for SMBs

The security stakes for SMBs are high enough already as smaller organizations must grapple with the same threat as large enterprises, including ransomware and malware that’s been augmented by artificial intelligence (AI).

These innovative threats can distract from the reality that other mundane vectors remain a serious threat to SMB security.

It may be working fine, but it’s not secure

On the hardware front, SMBs need to be wary of threat actors targeting old routers. Earlier this month, CRN reported that nation-state hackers from China were linked to an attack that compromised hundreds of small business and home routers. Just because you’re a small business, doesn’t mean you won’t be eyed by international hackers.

One of the reasons SMBs are considered worthwhile targets are because they’re often part of a broader supply chain connected to critical infrastructure. Compromised routers can be used together to form a botnet – such a malware-infected device can become a launchpad to attack other organizations.

What all these routers tend to have in common is that they are end-of-life (EOL) products – they may still be working fine but are no longer being supported by the vendor with firmware and security updates. Since it costs money to replace aging hardware, companies often continue to use old, unsupported routers which not only lack needed updates, but weren’t designed with the smarts to combat the latest security threats.

The CRN article notes that bad actors view SMBs as nothing more than an IP address, so as a supplier organization providing others that provide critical infrastructure, smaller firms can be high priority target.

Check your email carefully

Email has long been an attack surface for businesses of all sizes, but SMBs should be aware of hackers hijacking mailing lists of other business, including those of their email service provider.

A recent example reported by TechRadar involves provider SendGrid, which was exploited by attackers to access client mailing lists to send tailored, authentic looking emails asking recipients to activate multi-factor authentication (MFA) via a link in the email. Unsuspecting users who clicked on the link were sent to fake login landing page that harvested their credentials.

Making sure you use a reliable, reputable email service provider isn’t enough to protect your business communications infrastructure from bad actors, who are getting smarter all the time and better at mimicking real organizations.

What you can do

SMBs need to take equipment upgrades seriously – just because a router still works, doesn’t mean it is secure, so have a process in place to regularly review endpoints to verify they are still supported by vendors with updates.

As long as there’s email, there’s going to be email phishing scams, so it’s important to maintain cybersecurity training so that employees can spot phishing attempts, no matter how sophisticated.

If you’re an SMB that is struggling to keep on top of all the cybersecurity threats in a dynamic digital landscape, consider turning to a managed services provide who can help evaluate your hardware and support cybersecurity training for your team.

There are many ways artificial intelligence (AI) and machine learning already impact cybersecurity. You can expect that trend to continue in 2024 – both as tools for data protection as well as a threat.

Balancing Cybersecurity Innovation Amid Evolving Threat Landscapes

Even as you implement AI and machine learning into your cybersecurity strategy through the adoption of tools like Security Orchestration, Automation, and Response (SOAR), Security Information and Event Management (SIEM) and Managed Detection and Response (MDR), so are threat actors. They will continue to update and evolve their own methodologies and tools to compromise their targets by applying AI and machine learning to how they use ransomware, malware and deepfakes.

With small and medium-sized businesses just much at risk as their large enterprise counterparts, SMBs must take advantage of AI and machine learning as mush possible. AI-directed attacks are expected to rise in 2024 in the form of deepfake technologies that make phishing and impersonation more effective, as well as evolving ransomware and malware.

Deepfake social engineering techniques

Deepfake technologies that leverage AI are especially worrisome, as they can create fake content that spurs employees and organizations to work against their best interests. Hackers can use deepfakes to create massive changes with serious financial consequences, including altering stock prices.

Deepfake social engineering techniques will only improve with the use of AI, increasing the likelihood of data breaches through unauthorized access to systems and more authentic looking phishing messages that are more personalized, and hence, more effective.

Countering Cyber Threats and Harnessing Innovation in 2024

If hackers are keen on leveraging AI and machine learning to defeat your cybersecurity, you must be ready to combat them in equal measure – just as AI and machine learning will create new challenges in 2024, they can also help you bolster your cybersecurity. While regulations are being developed to foster ethical use of AI, threat actors are not likely to follow them.

AI will also affect your cyber insurance as your providers will use it to assess your resilience against cyberattacks and adjust your premium payments accordingly. AI presents an opportunity for you to improve your cybersecurity to keep those insurance costs under control.

Conclusion

There’s a lot of doom being predicted around the growing use of AI and machine learning. And while it does pose a risk to your organization and its sensitive data, you can use it to bolster your cybersecurity even as threat actors leverage AI to up the ante. A managed service provider with a focus on security can help you use AI and machine learning to protect your organization as we head into 2024.

Listen to this Post

Subscribe

Keep up to date with our weekly digest of articles.

By clicking Subscribe, I agree to the use of my personal data in accordance with Supra ITS Privacy Policy. Supra ITS will not sell, trade, lease, or rent your personal data to third parties.

Let us know
how we can help

Need more information? Book a meeting with one of our experts today!