
New Study Reveals the Top 3 Small-Business Cyber Threats You've Probably Never Heard Of

If you think your business is completely protected from inbound cyberthreats, think again.

A study released Wednesday from the San Diego-based CyberCatch, a cybersecurity platform provider focusing on small and mid-size businesses, reveals that more than 30 percent of U.S. small businesses have weak points that bad actors can exploit. Moreover, fraudsters tend to set their sights on small businesses since smaller companies usually have weaker security safeguards in place compared with those at larger companies.

Some of the main vulnerabilities that small businesses face include "spoofing," "clickjacking," and "sniffing," according to the study.

Spoofing occurs when a bad actor uses a fake IP address to masquerade as an authorized device with the goal of tapping into a company's private system. A clickjacking attack is a technique used to persuade a user to click on something that looks benign in their browser when they're actually clicking on something malicious. And as it turns out, sniffing attacks have nothing to do with smell, but rather involve hackers intercepting a network's traffic to access unencrypted data.

After using its proprietary scanning tool to look for vulnerabilities in more than 20,000 randomly selected U.S. small businesses, CyberCatch found that around a third suffered from spoofing while 28 percent succumbed to clickjacking. The scan, which was conducted last November and December, examined different vulnerabilities including cryptographic failures, security misconfiguration, authentication failures and outdated components.

So what can you do about it?

For starters, just having an IT team isn't enough, says Sai Huda, founder, chairman and CEO of CyberCatch. Even if your IT team deploys anti-malware software on a network's computers, a hacker could still steal an IT administrator's password through a phishing attack, or another mechanism, and access sensitive data.

"This is why a small business must first understand what are its crown jewels (its most valuable data and IT assets) and then make sure prevention, detection and response cybersecurity controls are implemented," Huda explains.

Once you've assessed your valuable real estate, Huda recommends companies test all of their systems--which include websites, software and web applications--to locate any security vulnerabilities. Vulnerabilities can range from a disabled security feature in your system to injections of malicious code commonly seen in cross-site scripting (XSS) attacks.

If you spot any security holes, patch them up before a cyberattacker finds them. Huda also advises businesses to inspect their websites or web servers regularly to detect any other weaknesses in their software. With these safeguards in place, businesses will be better positioned to fend off the attacks coming their way.
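One check a regular website inspection can include for the clickjacking weakness described above, shown here as an added example that is not from the article or from CyberCatch's tool: it classifies a response's anti-framing headers (`X-Frame-Options` and the CSP `frame-ancestors` directive). The function names and the sample header sets are constructed for illustration.

```python
# Added example: classify a web response's protection against being framed
# (the browser-side defence against clickjacking). Header names are standard
# HTTP headers; function names and sample inputs are constructed.

def frame_ancestors(csp_value):
    """Return the source list of the frame-ancestors directive, or None."""
    for directive in csp_value.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None


def framing_protection(headers):
    """Return (verdict, reason) for a dict of response headers."""
    h = {k.lower(): v for k, v in headers.items()}
    # Only the enforcing header counts; a Report-Only policy blocks nothing.
    sources = frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        # Where frame-ancestors is present, browsers apply it and
        # ignore X-Frame-Options, so it is evaluated first.
        if "*" in sources or any(s in ("http:", "https:") for s in sources):
            return "exposed", "frame-ancestors allows any origin"
        return "protected", "frame-ancestors restricts framing"
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return "protected", "X-Frame-Options " + xfo
    if xfo:
        # e.g. the obsolete ALLOW-FROM, which current browsers ignore
        return "exposed", "X-Frame-Options value not enforced: " + xfo
    return "exposed", "no anti-framing header"


if __name__ == "__main__":
    samples = [  # constructed header sets
        {"X-Frame-Options": "DENY"},
        {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'"},
        {"Content-Security-Policy": "frame-ancestors *", "X-Frame-Options": "DENY"},
        {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
        {},
    ]
    for s in samples:
        print(framing_protection(s), s)
```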

This article was written by Melissa Angell from Inc. and was legally licensed through the Industry Dive Content Marketplace. Please direct all licensing questions to legal@industrydive.com.
