Cyber Demystified

Cybersecurity for small and medium businesses

5 Unique Cybersecurity Threats You Need to Know to Protect Your SMB

Before you work to strengthen your network of your small or medium business (SMB), you need to determine from who you are trying to protect or defend yourself (ie: your threat actors). CISSP (a highly regarded IT/Cybersecurity certification) has a list of categories that you can use, and while having those categories may be accurate, it adds unnecessary noise to the conversation. Here is an example of what I think is an excessive list of threats for a SMB. You can likely break down your threat actors into five categories:

1) Hunt team – This would be someone like Google TAG, and probably doesn’t apply to you unless you are or are working with the government. If you are a small or medium business and you are working with the government, you likely have a cybersecurity team at your disposal.

2) Criminals – This would be an individual or group of individuals who, instead of robbing banks or stealing cars, are exploiting your network in an attempt to get away with a modern day heist.

3) Script kiddie / Enthusiast: This is someone whose skillset will vary, but is engaging in this type of activity for one of two reasons. The first is to make a point, or maybe more accurately, just to watch the world burn. The second is because they are new to the field and are learning on your infrastructure. People who engage in hacking, or the related fields, are often naturally curious people, so doing something “just to see if I can” is a likely response.

4) Nation state – This would another country that is likely interested in either the intellectual property that your organization has, or access for follow on actions (think powerplant). This type of threat is well financed and if they picked you as a target, there is a decent chance that they will be successful. It’s just a matter of how successful and when you find them. If this threat is a concern of yours, you are likely aware. Alternatively, you may not be a direct target to another country, but they could utilize you as a means to an end. If that is the case, it’s unlikely that you will be impacted during this process. Once this actor has accomplished what they were attempting to do, they will likely leave you alone, and you’ll never be the wiser. A scenario where ignorance is bliss may very well be the case.

5) Insider threat – This is someone who you have welcomed into your environment or space, either as an employee, contractor, or a vendor. You have given this individual an amount of trust, and it was abused.

Understanding your threat is important because it allows you to implement the appropriate defenses. Cybersecurity is full of buzzwords and end of the world scenarios which are possible, but the possibility of them happening needs to be realistically considered. If you don’t realistically consider them, eventually you’ll find yourself frustrated with spending excess money on something that you don’t see a return for, and that is when you leave yourself vulnerable to low hanging fruit style attacks.

If you found this article interesting, check out some other posts:

Or head over to the Contact Us page if you have a particular question that you would like answered