Small business owners often believe they will not be the target of a cyber-attack because they “don’t have what the attackers are looking for”. Do you know how attackers find their victims? Do you know what attackers are looking for and why a small business might be their target?  

They aren’t driving by your location and observing your operations. They’re not contacting someone on the inside to upload their malware. Instead, they use automated tools to scan the Internet for systems that are vulnerable. This creates a list of possible targets of opportunity. To an attacker, your business is just one or more numbers (usually in the form of an IP address -a sequence of numbers that identify your computer to other systems connected to the Internet). Yours is among tens or hundreds of thousands that their tools scan. When the scanning tool finds a system that contains a vulnerability, they add it to their list of targets for further exploitation. It’s all very anonymous and happens continually each day. 

Any of your business computers (or devices like printers, mobile phones, and tablets) connected to the Internet could fall into that widely cast net. The questions you should be asking yourself are; 

• Do my systems have “end point protection”? 
• Is my antivirus software active and updated? 
• Do I have a securely configured firewall? 
• Will I be alerted upon system or network intrusions or malware detections? 

If any of the answers are “No”, you need to take defensive actions now. Because once the attacker has compiled their list of vulnerable “targets” it’s too late.  

With their target list compiled, attackers move on to other automated tools that tell them which types of attacks are likely to be successful against their targets. You wouldn’t believe how simple it is! They just copy and paste the IP address of any vulnerable system into a field in their tools, add it to their “inventory”, then match the vulnerable devices to a list of “exploits” (activities that give access to your system and files, account credentials, malware that stops your equipment from operating, or other ways to damage your business).In minutes the attacker is shown a new list of vulnerable systems matched to exploits ranked by likeliness of success and what results they can expect. 

Since the tools are all automated, they can kick off a scan, watch an episode of Mr. Robot, and come back for the results. The attacker doesn’t have to be sophisticated or have a deep understanding of technology to carry out attacks with these tools. They never have to leave their parents’ basement and you’ll never have any sign of them until it’s too late. Now you’re stuck with a cyber-attack incident you’ll have to recover from. This could result in hours or days of lost business on top of the effort you’ll need to put into the recovery process. 

You can prevent yourself from becoming a target and staying off that list of vulnerable systems. The bulleted items listed above are a good starting point. There’s a lot to know about products and services that protect businesses like yours and you might need some help figuring out what security measures you need and how to implement them. It’s a good idea to reach out to a cybersecurity consultant to analyze your needs and protect your business.