Protecting small businesses with multiple layers of defense

Since Russia unleashed its attack on Ukraine, there’s a high chance that if you’re working in the cybersecurity sector like me, you’re being asked a series of questions like: Do you think Russia will launch a cyberattack? Should I be worried? What can I do to protect my devices?

These questions are justified, as the conflict prompted a series of alerts from government agencies and cybersecurity organizations, setting an expectation of a potentially devastating cyberattack on Ukraine and possibly on those supporting Ukraine. The messages keep coming. More recently, on March 21, 2022, the White House issued a Statement by President Biden on our Nation’s Cybersecurity, warning that there is the potential of malicious cyberactivity by Russia against the United States in response to the economic sanctions imposed by Western governments.

These messages continue to be broadcast and to encourage maintaining vigilance and ensuring that there are no weaknesses in existing cybersecurity operations and practices. Although the advice is especially targeted at organizations and businesses that fall into the critical infrastructure category, where a disruption can potentially cause chaos as witnessed in the case of Colonial Pipeline, all businesses should take heed and prepare accordingly. Malicious attacks can spread well beyond their intended targets, as has been seen with attacks utilizing the EternalBlue exploit, one of the tools chosen to deliver malicious payloads such as WannaCryptor and NotPetya, which caused unprecedented damage, disruption, and financial loss to victims.

The potential of a zero-day vulnerability being exploited as a cyberweapon is, unfortunately, a real risk. A book authored by Nicole Perlroth, This Is How They Tell Me the World Ends: The Cyberweapons Arms Race, published in February 2021, documents the thriving underground marketplace where governments are often the main customers of zero-day vulnerabilities and exploits.

Having set the scene with the need for preparedness, what technologies and actions should cybersecurity admins at small businesses consider? First, I refer you to an article I published on WeLiveSecurity regarding cyber-resilience and the US’s Cybersecurity and Infrastructure Security Agency (CISA) Shields Up campaign. The advice mentions ESET Dynamic Threat Defense, now known as ESET LiveGuard Advanced, a technology designed to detect zero-day exploits, which should be a priority given that the conflict in Ukraine is ongoing.

ESET LiveGuard Advanced can detect new and previously unknown threats by running them in a cloud sandbox. Detecting threats the first time they are encountered can sometimes demand more processing power and memory than is readily available on employees’ machines. ESET LiveGuard offloads the task of detecting such threats to more powerful machines in the cloud. Once these samples are in the cloud sandbox, they can be subjected to multiple machine learning models and robust detection techniques to classify them as clean, suspicious, or malicious. It’s a zero-day game changer.

Another area of focus should be the reduction of the attack surface to minimize the risk of a bad actor gaining access to your network and identifying a zero-day vulnerability to be exploited either now or in the future. Employee devices typically account for a significant portion of the attack surface, and with hybrid workforces being the new norm, revisiting the policies and technology used to protect endpoint devices will assist with reducing risk. To address the heightened need to protect corporate endpoints with multiple layers of defense, a combined package of protection, such as ESET PROTECT Complete or ESET PROTECT Advanced, is recommended.

If you’re a small business and believe you’re not in danger because you’re not as interesting to bad actors as large enterprises, consider the following statistics. According to ITRC’s 2021 Business Aftermath Report, 58% of small businesses suffered at least one security or data breach, and 44% paid between $250,000 and $500,000 to cover their breach costs.

Just like large enterprises, small businesses handle sensitive data and can become collateral damage from attacks aimed at other targets. Small businesses can also be seen as stepping-stones to attack large enterprises or critical infrastructure business partners. Indeed, no company is too small to be noticed by criminals and, therefore, no company should feel exempt from basic cybersecurity practices.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, points of sale, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum that includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.