Cyber ​​attacks targeting SMEs and countermeasures

Cyber ​​attacks targeting SMEs and countermeasures

Due to the influence of the new coronavirus infection, digital shifts such as telework have progressed at a stretch. On the other hand, the number of cyber attacks aimed at inadequate security is increasing rapidly.
In this blog, security consultant CISO Shinji Nasu will introduce cyber attacks that can be targeted by small and medium-sized enterprises and seven security measures that should be implemented immediately.

Increased risk of information leakage due to the introduction of telework

I think that there are many companies that forcibly carried out telework in the middle of Korona-ka. What are the risks of telework? For example, when an employee starts teleworking on his / her home PC, the patch file of antivirus software may not be updated to the latest version, or the PC may be hijacked due to an inadequate home Wi-Fi security setting. I have. As a result, damage such as information leakage will occur.
In addition, the introduction of telework is one of the factors behind the rapid increase in cyber attacks in 2020, such as the discovery of the problem that third parties can participate in meetings with Web conferencing tools.

Becoming a perpetrator of cyber attacks without the knowledge of SMEs

There is a cyber attack called a supply chain attack. It is a cyber attack that does not directly attack the final target large company, but first invades the small and medium-sized enterprises that have transactions with the large company, and then attacks the large company from there. Small and medium-sized enterprises, which have less security measures than large enterprises, are the first target, so they cannot be ignored. Moreover, if intruded, the company will become the perpetrator and attack the major companies without knowing it. Security measures are important not only for your company, but also for the other companies you do business with.

Other cyber attacks you should know

It is a cyber attack that steals and encrypts confidential data such as customer information, and demands money to stop the disclosure of the stolen data and decrypt the encrypted data. A major game maker was damaged in November 2020. In small businesses, accounting firms encrypted data on their internal systems with ransomware and eventually went bankrupt. The cause was that although all the data in the server was deleted to restore the state before the attack, the backup data could not be restored and business could not be continued.
It is a cyber attack that spreads infection by sending an email with an attached file from a person who exchanged emails in the past and clicking the attached file to send the same email to the destination registered in your contact. .. When infected, damage such as information leakage will occur.
It is a cyber attack that needs attention because major companies are also paying attention to Emotet as a cause of information leakage.

It ’s okay because it ’s a small business, but it ’s dangerous.

Revision of Personal Information Protection Law
The “Personal Information Protection Law” has been revised, which applies to all companies that hold personal information regardless of the size of the company. Execution will start in the spring of 2022, but the statutory sentence will be raised from December 12, 2020, and a fine of up to 100 million yen will be imposed under the Personal Information Protection Law. Of course, personal information leakage due to cyber attacks is also a target.
Antivirus software cannot prevent all cyber attacks
Do you think that you do not have to worry about cyber attacks because you have installed anti-virus software? In fact, there are many cyber attacks that cannot be prevented by anti-virus software alone. Please be aware that other measures are necessary in the future.

Make sure you practice basic security measures

The following seven security measures should be implemented even by small and medium-sized enterprises.
1. OS / software update and update
2. Installation and update of anti-virus software
3. Use and update of secure browser
4. Use of UTM
5. Firmware update of devices such as routers
7. Education
Each item is explained in the webinar archive video.