What is the most dangerous trait of a cyberattack?

Some use complex social manipulation to spear phish individuals. Others deploy weaponised artificial intelligence (AI) and sophisticated malware programmes to gain access and create chaos.

By Hans-Peter Bauer, senior vice-president: EMEA at BlackBerry

In my experience, however, the most dangerous aspect of many attacks is their relentlessness.

According to the UAE government head of cybersecurity, Dr Al Kuwaiti, the country prevents around 50 000 attacks each day. Given insight reported in the latest BlackBerry Quarterly Global Threat Report, a growing proportion of these will be novel malware – new threats, or new variations of known ones – indicating the diversification and intensification of attacks by malicious actors, who are working harder than ever to penetrate lucrative targets.

Increasingly, their sights are set on small and midsized businesses (SMBs) that may be more likely to pay ransoms to resume operations and minimise losses, or have invested less in comprehensive cybersecurity protection. In fact, BlackBerry’s Threat Research team reported in 2022 that SMBs face upward of 11 cyberthreats per device, per day – a concentration much higher than enterprises.

With the UAE’s Digital Economy Strategy in effect and working to double the digital economy’s contribution to the country’s Gross Domestic Product (GDP) by 2032, the urgency to protect all businesses growing their online presence and reliance is paramount.

For large businesses, injecting funding into their cyber defences can be an effective solution, adding comprehensive security software, and specialist skills and resources to bolster the Security Operations Centre (SOC). For smaller businesses, the answer is not as straightforward – and the consequences can be extreme.

According to one industry study, the UAE suffered losses exceeding $32 million due to cyberattacks and data breaches between 2018 and 2022. Understanding the nature of the threat is the first step towards organisations prioritising actions to increase protection in today’s threat landscape:

Why underestimating the smaller details is creating the bigger problems

The news cycle is littered with sophisticated cyberattacks from across the world. Seeing this, small businesses may anticipate highly technical attacks on their infrastructure. However, this is rarely the case.

Cybercriminals are relying on older techniques to target smaller businesses with high-volume, scattergun outreach. Whilst this may be surprising, it is proving to be incredibly effective. The most common attacks are the simplest ones, and older techniques such as phishing, social engineering and so-called “watering hole” attacks, used to infiltrate internal organisational teams, have been popularised by the proliferation of unsecured channels for work purposes.

These include digital channels such as SMS, mobile phone apps like WhatsApp, and collaboration apps such as Slack. In the UK, for example, BlackBerry Threat Intelligence research discovered that out of the nearly 40% of UK businesses who identified an attack, the most common threat vector was phishing attempts (83%), while only one in five businesses identified the anticipated sophisticated techniques of malware and ransomware.

Even the messiest threat actors are succeeding, despite lacking the flair of big ransomware groups. In multiple incidents, threat actors left behind playbook text files containing IP addresses and more.

Despite being less technically advanced, cybercriminals were able to infiltrate organisations’ barriers due to small businesses continually using older technologies and infrastructure for protection.

SMBs will remain prime and easy targets, even for the simplest of attacks, if they fail to upgrade and boost their security. Last year was a testament to this with an overabundance of attacks on SMB targets.

So how can we guard against this?

People, processes, technology: How businesses can build effective protection

Before even thinking about the right cybersecurity solution, many SMB leaders will be thinking about how much employing a whole team will cost. Luckily, it’s possible to outsource help and secure a level of protection that few organisations can otherwise afford on their own.

There are three elements that small businesses should consider:

* People. Many SMBs around the world are seeing a digital skills gap, meaning teams are either thinly stretched or non-existent. To avoid the struggle of finding excess staff, businesses can engage a Managed Security Service Provider (MSSP) as a cost-effective solution at the right scale. An MSSP provides outsourced monitoring and management of security devices and systems. They give customers 24/7 services that maintain a strong security defence.

* Processes. No outsourced services or sophisticated technologies can prevent human error but it’s possible to reduce it by fostering positive security attitudes and cultures. Effective training and processes are key. Furthermore, a Zero Trust security model reinforces processes with technology, by assuming every user, endpoint, and network are potentially hostile. No user can access anything until they prove who they are, that their access is authorised, that they’re not acting maliciously, and that the WiFi or cellular network they are connected to is not compromised.

* Solutions. Many SMBs fear that they don’t have the visibility or power to stop cyber threats. By collecting and analysing data from multiple sources, Extended Detection and Response (XDR) gives businesses a complete view of all potential network and endpoint vulnerabilities, so that enterprise security personnel can more effectively prevent cyberthreats. XDR can detect threats as they happen, allowing security teams to investigate and act quickly, and has 365x24x7 threat monitoring, keeping businesses secure even at weekends and during holidays. In the event of a cyberattack, XDR enables faster discovery, response and remediation, freeing up valuable resources to focus on more impactful projects.

Before disaster strikes, call in backup

Many SMBs might feel alone during the cybersecurity crisis, but they needn’t. Backup is out there, whether in the form of people who can help serve your cybersecurity needs, solutions that automate responses, or a Zero Trust attitude to cybersecurity across every access point and every member of your team.

Given the existing threat landscape, visibility across the entire security function is a necessity. Furthermore, there is a wealth of solutions available to enable SMBs to be proactive in building the right defence strategy.

A future in which SMBs are confident to use the tools and resources around them will see far more of them not just survive but actively shield themselves against the growing ingenuity and volume of potential cyberattacks for many years to come.