Security News

Assuming you're not a target leads to lax security practices in many SMBs who lack the knowledge or expertise to put simple security steps in place. According to a Cyber Security Breaches Survey, businesses that hold electronic personal data of their customers are more likely than average to have had breaches.

Microsoft announced today the availability of Azure DDoS IP Protection in public preview, a new and fully managed DDoS Protection pay-per-protected IP model tailored to small and midsize businesses.Unlike the enterprise offering, DDoS IP Protection does not have support for DDoS rapid response support, cost protection, and discounts on WAF. "With the DDoS IP Protection SKU, customers now have the flexibility to enable DDoS protection on individual public IP addresses," Microsoft Senior Product Manager for Azure Networking Amir Dahan said.

Attackers view smaller organizations as having fewer security protocols in place, therefore requiring less effort to compromise. Lumu has found that compromise is significantly different for small businesses than for medium-sized and large enterprises.

Microsoft announced that the Windows 11 SMB server is now better protected against brute-force attacks with the release of the Insider Preview Build 25206 to the Dev Channel. Redmond has enabled the SMB authentication rate limiter by default and tweaking some of its settings to make such attacks less effective, starting with the latest Windows 11 Insider dev build.

Coalition announced the mid-year update to its 2022 Cyber Claims Report detailing the evolution of cyber trends, revealinig that small businesses have become bigger targets, overall incidents are down, and ransomware attacks are declining as demands go unpaid. "Across industries, we continue to see high-profile attacks targeting organizations with weak or exposed infrastructure - which has become exacerbated by today's remote working culture and companies' dependence on third-party vendors," said Catherine Lyle, Coalition's Head of Claims.

Cybercriminals and threat actors work around the clock, with attacks originating from around the world. All businesses, including SMBs, need to be always on alert for new threats and available to respond at any moment to an incident.

Cisco has revealed four of its small business router ranges have critical flaws - for the second time in 2022 alone. A Wednesday advisory warns owners of the RV160, RV260, RV340, and RV345 Series Routers that the vulnerabilities could allow "An unauthenticated, remote attacker to execute arbitrary code or cause a denial of service condition on an affected device."

While 81% of SMBs are monitored by a security operations center, 57% do not operate 24 hours a day, 7 days a week. Considering that 69% of SMBs feel they are facing critical and expanding cybersecurity threats and 75% say cyberattacks have increased in the past three years, the lack of 24/7 coverage continues to put SMBs at risk, according to a survey by Forrester and Pondurance.

SMBs, beware: Microsoft said this week it has discovered a North Korean crew targeting small businesses with ransomware since September of last year. After the gang gets its eponymous malware onto a victim's network, it follows the standard ransomware playbook: encrypt files, and demand a Bitcoin payment to restore the data.

A report released Tuesday by the Cyber Readiness Institute looks at the slow state of MFA adoption among SMBs. CRI surveyed 1,403 small business owners across the U.S., the U.K., New Zealand, Japan, India, Germany, Canada and Australia from May 2 to May 15. Among the respondents, 55% admitted that they're not very aware of MFA and its security benefits, while 54% said they haven't adopted MFA for their business.