Search
Close this search box.
Search
Close this search box.

A New Danger: Cyber Attacks Are Increasingly Automated

© AdobeStock
Small and medium-sized businesses are especially vulnerable to the latest evolution of security threats.

A recent study from Sectigo/SiteLock analyzed more than 14 million websites worldwide to determine the current state of the internet, and the findings are more than a little disturbing. Case in point: It is estimated that there are currently 4.1 million websites infected with malware.

But an even more worrying figure is that twice as many cyber threats were recorded in 2021, compared to 2020.

There are many reasons for this rapid proliferation of online security threats. Start with the global Covid-19 pandemic and the shift to remote work that ensued, which revealed many weaknesses in cybersecurity that bad actors could take advantage of.

The current geopolitical context—in which tensions between a number of nations around the globe are running high—has also contributed to this explosion of malicious cyber activity.

The net result? Ransomware, phishing, account hacking and other cyberattacks aimed at stealing user and corporate data will most likely continue to increase in the coming years.

As if this wasn’t enough to worry about, a paradigm shift is beginning to take place in how attacks are carried out: There is a growing automation of online attacks.

Who are the preferred targets? Increasingly, it’s SMEs (Small to Medium-Sized Enterprises). According to the U.S. Cybersecurity & Infrastructure Security Agency—an agency overseen by the Department of Homeland Security (DHS)—small businesses are at a higher risk of cyber attacks than larger businesses because they often have fewer resources dedicated to cybersecurity. That is precisely why they need to better understand the threats they face.

Small businesses, more fragile than ever

First of all, let’s remember that websites are attacked on average nearly 63,000 times a year, 172 times a day, or 8 times per minute worldwide. Those are figures that should give any CIO pause.

Among these affected companies, SMEs have been identified as the most vulnerable, but they are not necessarily always aware of it. Attacks against SMEs increased by 53% in 2021 compared to the previous year, yet almost half of SMEs think they are too small of a target to be attacked. Meanwhile, half of them have already been victims of attacks.

The consequences of these attacks can be severe, handicapping these companies in both the short and long term. Beyond the damage caused by the attack itself, such as the loss of sensitive data or intellectual property, there are many other negative ramifications.

For starters, an attack can result in the degraded performance or even the total unavailability of an SME’s website, which makes any digital interaction with its prospects or customers impossible. Then there is the loss of time and the drop in productivity that affects employees who are deprived of their work tools and/or have to quickly manage an unprecedented crisis situation.

Last but not least, there is the broken customer trust and damage to the reputation of the company, which can lead to a loss of revenue, or even the complete closure of the company.

No SMEs are immune to these attacks, whether it’s a cluster of school districts in Texas, or a printing company with several hundred employees outside Denver, Colorado.

In this context, it is interesting to note the high vulnerability of sites managed with CMS (Content Management Systems) such as WordPress, even though they are widely used by SMEs. Easy to use, requiring little or no special knowledge in website development, CMSs offer the perfect solution to small businesses looking to have a quick online presence (blog, showcase site, contact form, etc.), at a lower cost. But this convenience comes with some potential pitfalls.

Websites managed with WordPress are 39 times more prone to attacks than other websites. Moreover, plugins—those tools that allow you to add extra features to websites—have an impact on the vulnerability of the CMS. For every five plugins installed on a website, the risk of attack is almost doubled. That’s because plugins can easily be infected by a bot or malware, offering a backdoor to access the site’s data.

The continuing growth of bots

If SMEs are already ideal targets for hackers based on the above factors, their risk profile has only increased based on the new ways these attacks are carried out.

We have gone from attacks carried out in a manual and targeted way to more sophisticated attacks, some of which are totally automated. The main culprits behind huge numbers of attacks today are bots, pieces of code generated by hackers that perform repetitive tasks.

While manual, targeted attacks are less numerous, they are also more dangerous because the hacker usually attacks a very specific target. But don’t get us wrong: Bots can cause plenty of problems.

This tool can become an ultra-powerful vector, because bot automation multiplies the strength of an online attack, essentially industrializing attacks in a way never seen before. Thus, hackers have a whole new arsenal at their disposal, allowing them to carry out various types of attacks, from simple email phishing aimed at stealing passwords, to distributed denial of service (DDoS) attacks, a technique that involves overwhelming a service/website’s servers to make it unresponsive or unavailable.

The numbers don’t lie. In 2021, SMEs received 5.5 times more visits from bots than from real internet users. That’s more than 2,300 visits per week per website. Thanks to a single bot, a hacker can reach thousands of IP addresses. Additionally, according to a study conducted by CyberArk (2022), 68% of bots have already had access to sensitive data and assets. This trend is expected to continue with the rapid development of new technologies based on AI. Attacks will therefore intensify, and their sophistication will only continue to grow.

In the future, it will be increasingly difficult to differentiate between human and bot traffic. Beyond the implementation of traditional tools to counter them, such as updating certificates and automating cybersecurity systems, it is up to SMEs to take the bull by the horns.

In that regard, tools like the cybersecurity planning tool offered by the Federal Communications Commission (FCC) and  the cyber resilience review self-assessment tool offered by DHS are a step in the right direction.


MORE LIKE THIS

  • Get the CEO Briefing

    Sign up today to get weekly access to the latest issues affecting CEOs in every industry
  • upcoming events

    Roundtable

    Strategic Planning Workshop

    1:00 - 5:00 pm

    Over 70% of Executives Surveyed Agree: Many Strategic Planning Efforts Lack Systematic Approach Tips for Enhancing Your Strategic Planning Process

    Executives expressed frustration with their current strategic planning process. Issues include:

    1. Lack of systematic approach (70%)
    2. Laundry lists without prioritization (68%)
    3. Decisions based on personalities rather than facts and information (65%)

     

    Steve Rutan and Denise Harrison have put together an afternoon workshop that will provide the tools you need to address these concerns.  They have worked with hundreds of executives to develop a systematic approach that will enable your team to make better decisions during strategic planning.  Steve and Denise will walk you through exercises for prioritizing your lists and steps that will reset and reinvigorate your process.  This will be a hands-on workshop that will enable you to think about your business as you use the tools that are being presented.  If you are ready for a Strategic Planning tune-up, select this workshop in your registration form.  The additional fee of $695 will be added to your total.

    To sign up, select this option in your registration form. Additional fee of $695 will be added to your total.

    New York, NY: ​​​Chief Executive's Corporate Citizenship Awards 2017

    Women in Leadership Seminar and Peer Discussion

    2:00 - 5:00 pm

    Female leaders face the same issues all leaders do, but they often face additional challenges too. In this peer session, we will facilitate a discussion of best practices and how to overcome common barriers to help women leaders be more effective within and outside their organizations. 

    Limited space available.

    To sign up, select this option in your registration form. Additional fee of $495 will be added to your total.

    Golf Outing

    10:30 - 5:00 pm
    General’s Retreat at Hermitage Golf Course
    Sponsored by UBS

    General’s Retreat, built in 1986 with architect Gary Roger Baird, has been voted the “Best Golf Course in Nashville” and is a “must play” when visiting the Nashville, Tennessee area. With the beautiful setting along the Cumberland River, golfers of all capabilities will thoroughly enjoy the golf, scenery and hospitality.

    The golf outing fee includes transportation to and from the hotel, greens/cart fees, use of practice facilities, and boxed lunch. The bus will leave the hotel at 10:30 am for a noon shotgun start and return to the hotel after the cocktail reception following the completion of the round.

    To sign up, select this option in your registration form. Additional fee of $295 will be added to your total.