Back in February 2022, officials from the National Cyber Security Directorate reported that cyberattacks on Romanian infrastructure had increased “100-fold” due to political instability in neighbouring countries. Information like these and the huge number of incidents continue to demonstrate that cybercrime is a complex, evolving problem.
So, what hope do small businesses have against such a sophisticated threat? Let’s take spear phishing as an example.
Regardless of which source is consulted, cyberattacks against businesses are on the rise all over the world. Worryingly, Forbes claims that smaller firms are more likely to be plagued by digital attacks than larger ones, while consultancy company FSB notes that the same group of organisations may have to defend against up to 10,000 attacks each day. Most of these arrive in a rather boring fashion, via email.
The objective of cybercriminals is to get the keys to the entire company as quickly as possible. This is often achieved via ‘spearphishing’, in which a malicious actor imitates an important person to trick somebody into giving up passwords and other important details. Used on a workforce that isn’t knowledgeable about cybercrime, this attack is often successful – and costly.
There’s a strange disconnect between how people behave with their own tech and the way they handle computers and phones at work. For instance, at home, most people are aware of the importance of regular back-ups and may even keep spare devices around for emergencies. This has led to the creation of what ExpressVPN has described as a tech survival kit, a supplement to a ‘bug-out’ bag for struggling devices.
A tech survival kit should contain everything necessary to make minor repairs to consumer tech, such as a screwdriver kit, a pen knife, charging cables, and a flash drive filled with copies of important documents. The package should also have items that can help in genuine emergencies, like a satellite phone, a pre-paid SIM card, and a portable WiFi hotspot. These can help expedite rescue in a worst-case scenario.
This kind of thing – disaster prep – usually falls to IT departments in the office, which creates apathy towards cybercrime among the rest of the staff. The idea that somebody else will do it can often leave holes in a business’ defenses. In the UK, for instance, the 2019 IT Security Summit revealed that only 23% of employees had received training on cyber threats during their time at a company.
The problem with battling digital threats is that it’s very much a human problem, which means that the only solution is education. Of course, not every business is willing to raise barriers against an issue that might never occur, as is sometimes the case with more mundane nightmares like flooding. However, in Romania, cybercrime is so lucrative that ABC News claims it has taken over entire towns.
Overall, there are few cyberattacks that can’t be halted at the source, as they usually require social conditioning, i.e. simple persuasion. Companies have few options without the desire to stop cybercrime in the first place, though.