Cybercrime has a price. One that more and more business owners find themselves paying. 

The costs push well into the six figures, according to the U.S. Federal Bureau of Investigation’s (FBI) 2022 cybercrime report. On average, a business email compromise (a form of usually through targeted phishing or other account hacking) siphons $125,611 in funds. Ransomware attacks hold company data hostage for an average of $14,403. And data breaches level businesses for an average loss of $164,336. 

Cybercriminals increasingly wage these attacks against businesses with revenues of $500,000 or less, which makes the thought of a six-figure loss for them even more sobering. Retailers, professional service providers, real estate companies, medical practices, and other businesses like them now find themselves the preferred targets for a growing body of cybercriminals. 

Yet you can help prevent your business from getting hit.  

To counter this rise in attacks, we created McAfee Business Protection in partnership with Dell. It offers an all-in-one solution, with automated protection features that helps secure a company’s employees, along with their data, devices, and online connections. Intuitive setup and guidance for each employee strengthens their personal security posture and fortifies the overall security of your business as a result. 

And today, there’s an absolute need for that kind of protection. 

Why would a cybercriminal target my business? There are bigger fish out there. 

Cybercriminals have good reasons for targeting businesses with revenues of $500,000 and less: 

These businesses often lack online protection tools and support, making them more vulnerable to attacks than larger organizations with stricter security measures in place. 
Attacking these businesses often requires lower degrees technical expertise. Cybercriminals can buy or rent hacking tools and services on the dark web that can take advantage of poor security. 
They are prime for ransomware attacks, because many of these businesses don’t have data backed up or data recovery plans in place. 
Their employees aren’t always trained in good security habits, unlike larger businesses that may have such training in place. They may not recognize a phishing email when faced with one. 
Attacks on businesses of this size attract less attention. While cyberattacks on big businesses make big headlines, they often draw significant attention from law enforcement whereas smaller attacks may not.  

Cybercriminals may take in smaller hauls from these businesses, yet they make up for that in volume. They will attack several smaller businesses for smaller dollar amounts, which can rival the funds they’d reap by attacking one large target for one large amount—and with less relative risk. 

Another factor that makes these businesses so attractive to cybercriminals is that one hack can lead to another.  

Case in point, you might recall the massive data breach at Target during the holiday shopping season in 2013. It exposed some 41 million customer records, which cost Target nearly $300 million in settlements and losses. How did the hackers get in? By hacking a local HVAC contractor that used Target’s systems for billing, contracts, and project management.  

This shows how a breach in even the smallest of links in the supply chain can lead to yet another breach that impacts millions of people.  

As always, hackers look for easy, low-risk targets that offer the highest reward. In the case of businesses that make $500,000 a year or less, they’ve found exactly that. 

Two roadblocks to a more secure business: time and remote workers. 

Even as cybercriminals increase their attacks, both time and remote work only increase the risk to businesses.  

Time is an issue business owners know well already. There’s never enough of it, which means some aspects of the business get prioritized over others. In this mix, cybersecurity suffers. 

Our own research in the U.S. and Europe found that 63% of small business owners spend an hour or less on protecting their business a week. Moreover, 45% manage security in an ad-hoc way. It’s understandable, given that business owners would rather invest time in growing their business rather than managing their security. However, this low prioritization puts the business at risk, which could result in those six-figure losses mentioned above. 

The advent of remote work introduces further security issues as well. In the wake of the pandemic, many employees continue to work remotely or remotely part of the time.  

The implications for security can be significant. Whether working from home or some other location like a café, these employees may not have proper cybersecurity protection in place. Further, they may be using unsecure networks or Wi-Fi that can put company data at risk—not to mention their data as well. In all, remote workers can find themselves quite vulnerable. 

Protection from breaches and attacks with security that’s built for your business. 

As we created McAfee Small Business protection, we kept these issues in mind. We created protection that’s strong, and we made it straightforward as well. Business owners can set it up for their employees quickly and put controls in place to ensure they’re secure. Meanwhile our Protection Score measures the overall security of the business and offers guidance that can make it even more secure. 

By design, it offers:  

All-in-one protection: It helps secure your employees, plus their data, devices, and online connections from hackers, malware, viruses, and more with a single solution. 
A solution that grows with your business: Employers can extend protection to each employee, protecting their data, devices, and online connections with custom guidance that strengthens their security posture. 
Simple and guided management: Automated protection and timely alerts let employers know when something needs attention, even when on-the-go, all from the Security Console. 
Support when you need it: Our team of experts are available by phone or chat to help with setup or guidance when something needs attention.  
The performance you demand: McAfee’s next-generation threat protection helps secure data and devices from threats both known and unknown and keeps devices running safely and smoothly.    
A trusted expert in security: McAfee has more than 35 years of experience protecting millions of people and their devices around the globe with award-winning security that’s recognized by SE Labs, AV-TEST, and AV-Comparatives. 

Further features secure your business in breadth and depth: 

Device protection ensures that operating systems are up to date, devices have password protection, and that files get encrypted when and where possible. 
Web Protection sidesteps phishing attacks and malware downloads with clear warnings of risky websites, links, and files.  
A secure VPN can automatically help keep your data private and secure anywhere your employees go with bank-grade encryption.  
A File Shredder deletes sensitive company files completely to ensure no traces are left behind on your devices.  
Identity Monitoring alerts employees if their personal information is found on the dark web. 

These are just a few of the security features offered, and you can see a full list on our partnership page with Dell here. 

By protecting your business, you protect your customers, clients, and partners too. 

Cybercrime indeed has a price. Beyond the dollars involved, the costs can run yet deeper from there. Downtime in the wake of an attack hits the bottom line. The recovery efforts that follow do as well. Additionally, businesses can suffer reputational damage if an attack also affects its customers, clients, and partners.  

Now, a shift has taken place. Cybercriminals still go after big businesses and major organizations, yet an increasing number of them go after businesses with revenues in the seven or even six figures. Poor security posture is one reason. Another is that even relatively amateur operations can wage attacks with “off-the-shelf” hacking tools found on the dark web.  

In short, every business faces the risk of cybercrime today. 

Yet with the right protection in place, you can avoid paying the price of cybercrime. And the introduction of our new McAfee Business Protection makes it easy in a time when it’s needed most. 

The post The Price of Cybercrime: Protecting the Business You’ve Built from Hacks and Attacks appeared first on McAfee Blog.

Read More

Cyber defense upskilling company RangeForce has announced the release of the Defense Readiness Index (DRI) to enable companies to measure and improve their cybersecurity capabilities. Integrated into RangeForce’s Threat Centric platform and mapped to both the MITRE ATT&CK and D3FEND frameworks, the DRI scores an organization’s readiness to respond to cyberattacks, the firm said in a press release. It also provides cybersecurity upskilling rooted in United States Department of Defense and NATO training to help teams to prepare for threats, it added.

Strong and effective cyber readiness can be challenging for many organizations. The latest Cisco Cybersecurity Readiness Index, which ranks companies in four stages of cybersecurity readiness (beginner, formative, progressive, and mature), found that more than half of organizations fall into either the beginner or formative category, with only 15% in the mature stage. Identity management is recognized as the most critical area of concern with 58% of organizations either in the formative or beginner category, while 56% of organizations were at the lower end of the readiness spectrum for network protection.

To read this article in full, please click here

Read More

Apple has shipped patches for the remote code execution (RCE) vulnerabilities in iOS that have already been exploited in the wild under the digital spy campaign, dubbed Operation Triangulation.

The campaign used two zero-click iMessage exploits and compromises without any user interactions based on a pair of bugs respectively in the kernel and Webkit.

Apple has attributed the discovery of these vulnerabilities to Kaspersky Lab just two weeks after the Russian cybersecurity firm reported discovering an advanced persistent threat (APT) actor launching zero-click iMessage exploits on Russian iOS devices.

To read this article in full, please click here

Read More

Security and threat intelligence company Silobreaker has announced new geopolitical threat intelligence capabilities with RANE (Risk Assistance Network + Exchange). The tie-up will see Silobreaker integrate global risk intelligence company RANE’s enterprise geopolitical intelligence into its own platform, providing cyber threat intelligence teams with real-time information about world events that could heighten the risk of cyberattacks.

The integration, announced at Infosecurity Europe 2023 in London, will provide context into highly complex, interconnected events, allowing teams to take proactive steps to reduce their organizations’ exposure to risks impacting business productivity, resiliency, and continuity, Silobreaker said.

To read this article in full, please click here

Read More

The DSIT jury awarded the prize to the Belfast-based smart city security provider with a unanimous decision

Read More

Once upon a time, the boundary that I worried about and considered that I was responsible for stopped at my Active Directory domain and at the firewall that protected it. Then the boundary of my network moved from the computers under my control to the internet and the connected devices and cloud applications that I now have access to and am linked into. We went from where the stakeholders of the firm were resistant to anything being in the cloud, to where we are now where we know we are half in the cloud and half still on premises.

No longer can I merely worry about the computers listed in my Active Directory users and computers snapped in, now I need to be concerned about applications and APIs that could create authentication links into apps that are inside my domain.

To read this article in full, please click here

Read More

The growth of IoT and connected devices is contributing to an expanding attack surface, despite upcoming legal controls

Read More