
Only a handful of SMBs prioritize cybersecurity

That gives hackers the leverage to launch attacks on them easily.

8 in 10 Canadian SMBs are at risk of an attack

The cybersecurity news cycle often leads people to believe that only large enterprises with substantial budgets and expansive customer bases are the primary targets of attacks. However, this isn’t entirely true as small and medium-sized businesses (SMBs) also hold sensitive information that is attractive to bad actors, and they are typically less prepared to safeguard it.

CyberCatch, based in Vancouver, has highlighted the state of security for SMBs in its recent Small and Medium-Sized Business Vulnerabilities Report (SMBVR), revealing that eight out of ten Canadian SMBs are at risk of a cyberattack. Many of these businesses operate in critical industry sectors such as finance and healthcare. The report’s findings all point to the need for strong cybersecurity measures in the SMB segment.

Top 3 major vulnerabilities present across SMBs

Spoofing

Spoofing is a vulnerability caused by weaknesses that allow the website to accept invalid data. An attacker could send scripts to fool the web server into producing usernames, passwords, or an entire customer database. Attackers can also spoof website content and redirect traffic to an attacker-controlled site to steal user credentials or install malware or ransomware.

Clickjacking

Clickjacking is a vulnerability caused by weaknesses that allow an attacker to insert stylesheets, iframes, text boxes, or layers and “hijack” a web page or portions of a web page to trick users. Attackers can steal user credentials or account secrets, making it easy to install malware or ransomware.

Session riding

Session riding is a vulnerability caused by weaknesses that allow an attacker to force a user to submit a malicious request unknowingly while already authenticated. The site will have no way to distinguish between the forged request and a legitimate request sent by the victim, causing a state change on the server. Attackers can change the victim’s password and use the access gained.

And the common security weaknesses (vulnerabilities) behind them

Software and data integrity failure

Vulnerable and outdated components

Security logging and monitoring failures

Server-side request forgery (SSRF)

Identification and authentication failures

Security misconfiguration

Cryptographic failures

Injection

Industries at risk

The Q2 2022 SMBVR report reveals that hospitals, utilities, and banks and credit unions have high levels of vulnerabilities in their Internet-facing IT assets, making them easier for attackers to exploit.

Source: CyberCatch

What’s the solution?

SMBs should regularly scan their internet-facing websites, software and web applications to make sure there are no vulnerabilities such as spoofing, clickjacking, session riding and sniffing, as pointed out earlier. If vulnerabilities are detected, steps should be taken to fix the weaknesses promptly. Otherwise, attackers will exploit the mistakes to steal data or deploy ransomware. SMBs should therefore partner with trusted MSSPs like Pathway to regularly scan all IT assets, detect vulnerabilities and fix the weaknesses within a reasonable time.
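
One piece of such a scan, as an added example that is not from the CyberCatch report or Pathway's tooling: a Python check of a single HTTP response's headers for the browser-enforced defenses against clickjacking (framing limits) and session riding (SameSite cookies). The function names and sample responses are constructed for illustration, and a header check alone does not confirm that forms carry anti-forgery tokens.

```python
# Added example: header-level checks for clickjacking and session riding defenses.

def restricts_framing(csp_values, xfo_values):
    """True if CSP frame-ancestors or X-Frame-Options limits who may frame the page."""
    for policy in csp_values:
        for directive in policy.split(";"):
            tokens = directive.split()
            # An empty source list is equivalent to 'none'; "*" allows any site.
            if tokens and tokens[0].lower() == "frame-ancestors" and "*" not in tokens[1:]:
                return True
    # ALLOW-FROM is obsolete and ignored by current browsers, so it does not count.
    return any(v.strip().upper() in ("DENY", "SAMEORIGIN") for v in xfo_values)

def cookie_samesite(set_cookie_value):
    """Return (cookie name, lower-cased SameSite value or None)."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip().lower()
    return name, attrs.get("samesite")

def audit_headers(headers):
    """headers: list of (name, value) pairs from one HTTP response. Returns findings."""
    lower = [(k.lower(), v) for k, v in headers]
    csp = [v for k, v in lower if k == "content-security-policy"]
    xfo = [v for k, v in lower if k == "x-frame-options"]
    findings = []
    if not restricts_framing(csp, xfo):
        findings.append("clickjacking: page can be framed by any site")
    for k, v in lower:
        if k == "set-cookie":
            name, samesite = cookie_samesite(v)
            # Browser defaults differ, so an explicit Lax or Strict is expected.
            if samesite not in ("lax", "strict"):
                findings.append(f"session riding: cookie {name} lacks SameSite=Lax/Strict")
    return findings

# Constructed sample responses (not taken from any real site).
WEAK = [("Content-Type", "text/html"),
        ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly")]
HARDENED = [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'"),
            ("Set-Cookie", "sessionid=abc123; Path=/; HttpOnly; Secure; SameSite=Lax")]

if __name__ == "__main__":
    for label, resp in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_headers(resp) or "no header-level gaps found")
```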
