As a small business or mid-sized organization, cybersecurity can mean very different things. Most small businesses have less resources available to deal with threats.
And because attackers don’t really discriminate and segment companies by size as they target them, SMB’s are as much at risk as their larger enterprise counterparts.
In fact in a study released last year by Ponemon Institute, only one-third of small to mid-sized businesses stated they could actually detect and prevent most cyber attacks. More concerning was that 76 percent of organizations stated that successful exploits against them evaded antivirus.
No shock there, regardless of whether its “next-gen AV” or standard AV. The reality is that SMB’s are almost priced out of the “advanced” set of technologies that could help them counter threats in a different way, and prevent the impact from being too damaging.
In the same study, two-thirds of respondents stated they didn’t have the personnel to mitigate cyber risks. Interestingly enough, almost half of enterprise organizations are also facing a skills shortage according to ESG Global. In fact out of all IT areas, cybersecurity was the number one concern to address.
It goes without saying that sometimes, you get what you pay for, whether you hire junior or untrained staff, or from a technology standpoint if you have to rely on AV. For the record, the AV layer is better than having nothing in between an external compromise and an endpoint.
Indicators of Today’s Attacks Aren’t Evident to Most SMB’s
So what are we seeing out in the wild? And why is antivirus not a standalone solution?
One example is memory-based cyber-attacks, that are impacting companies of all sizes. Basically, nine times out of ten, malware tends to hide itself in memory and linger if there aren’t any detection or monitoring tools deployed to catch them.
A recent example of this is evident in an attack that impacted 140 banks and government agencies globally, where attackers stole system admin PW’s, using the host system to invisibly funnel data to attacker C&C servers.
Attackers used fileless malware, or malware that did not carry any signatures (indicators of its presence) that ended up wiping the memory to remove any trace of their activity on machines. They instrumented these attacks by using a Metasploit payload component in concert with a PowerShell script to execute it, and then also with Mimikatz, which is an open source tool used after the exploit, once administrative access was gained.
In fact, one of our threat researchers Micah Graf recently replicated this attack, tested it against antivirus and ran it against our technology. You can view that quick video here.
What You Can Do as a Small Business?
CounterTack understands enterprise security team needs, as well as what SMBs are challenged with everyday. Three key elements stand out in my mind for most SMBs:
- You need the ability to look into potential issues, when you think endpoints (servers, laptops, desktops) are impacted.
- You have to have technology that can deliver value beyond antivirus, especially if you are facing memory-based attacks.
- And of course, you need technology that is affordable and easily deployable.
ThreatScan PRO from CounterTack checks these three boxes for SMB organizations. ThreatScan PRO is our cloud-based subscription product specifically designed to scan endpoints, on-demand, to determine memory-based malware infections.
ThreatScan PRO is available to download via a cloud application, so that agents can deploy to target endpoints in digestible groupings of 100 to 500 generally, or more. ThreatScan PRO is powered by our Digital DNA (DDNA) technology under the hood, scoring threat severity and giving teams an opportunity to remediate what’s discovered.
The reason DDNA makes ThreatScan PRO different from any other solution is that its behavior-based. DDNA contains well over 2500 behavior traits, which account for over 20M threat variants within the malware genome hierarchy.
For SMB’s, there really isn’t time, and more to the point, there aren’t enough resources to go "chasing ghosts," if you don’t have the training to hunt threats in your system. And if your reliance is solely on antivirus to prevent threats from becoming breaches, you are a sitting duck.
Also, if you'd like to see ThreatScan PRO in action, take a look at our on-demand webcast where we featured multiple use cases and easy-to-follow steps to defend your organization today.