
The top SMB threats of 2016

After another year of high-profile breaches and daring cyber-heists, it’s clear that being able to trade and share online freely and securely remains a distant dream. As our counter-cybercrime measures get more advanced, so do the methods of attackers. Over the next 12 months, we’re going to see ever more sophisticated and diverse methods of attack targeting the SMBs of the UK and beyond – here are a few of the areas where I sense that we need to be most vigilant:

Evolving malware

More sophisticated malware will continue to defeat detection by hiding in common services and using non-traditional forms of communication such as Tor or peer-to-peer networks.

In tandem, recent highly effective social engineering ploys, such as those utilised in ransomware, will continue to terrorise businesses.

Speaking of ransomware, victims continue to pay off these cyber criminals and, in turn, the bad guys keep doing what’s working so well for them. As long as they’re being paid, these crafty cybercriminals will continue to innovate new attacks that move the needle. Remember that attackers are agile and often take advantage of zero-day vulnerabilities, against which we can only attempt to harden our systems.

Unfortunately, there is no easy way to “defeat ransomware”, but paying the ransom is, in my opinion, ill-advised; there’s also no guarantee that you’ll even get the keys to unlock your data.

Cyber warfare

Acts of cyber aggression will continue amongst many nation states, including the U.S. and China, as well as remaining a tool of warring nations. While we may not be privy to the majority of these attacks against infrastructure, or to the corporate espionage between our collective countries, evidence suggests that the Internet has become an important tool in every aspect of our lives, including war and politics. Expect this “boots at home” tactic to remain in the playbook as a first move in most conflicts, whether it be just reconnaissance or even the disabling of infrastructure and communications.

Internet of Things

Practically every business, and even some individuals, will have Wi-Fi-enabled fixed devices that are controlled remotely – from switching on lights at home to cooling nuclear reactors in power plants.

When vulnerabilities exist in any popular OS, and hackers know about them, it is only a matter of time before they are exploited. The issue is that people are not installing security patches in a timely manner, inadvertently leaving their devices vulnerable.

Bring Your Own Device (BYOD)

BYOD often provides the business with cost savings and increased productivity and effectiveness from its workforce. However, the security challenge that this movement has created has also left IT departments in a bit of a quandary.

Organisations need to have a BYOD strategy and policy that is appropriate to their situation. Obvious security points the policy should address include password enforcement, encryption, device management and access control, while still maintaining enough freedom to keep the employee happy.


The ever-expanding marketplace of health and fitness apps, coupled with wearable devices monitoring our every move, heartbeat and location, continues to gain popularity. A compromise, or simply poor privacy settings, could leak this personal data out into the world.


Often referred to as the ‘Dark’ or ‘Deep’ Web, Tor continues to attract both the good and bad of society, lured by its promise of anonymity. Facebook’s new experimental move into the Tor network may inspire other reputable services to provide anonymous access, thereby enticing new users who may have been unwilling to try them beforehand.

While there are legitimate reasons visitors may require secrecy, a great many illegal things have also been discovered on Tor’s network: items that should be protected by fair trade, copyright and other laws; stolen credit card forums; general hacking services and malware creation. Even the groups behind ransomware, such as CryptoLocker, have begun to demand their ransoms through the Tor network, utilising cryptocurrencies like bitcoin to remain anonymous to authorities and their victims.

It is important to be aware of all of the different ways that Tor can be used and to make any necessary adjustments. If this is something that concerns you as a business owner, then a policy should be put in place that restricts the installation of Tor software. And remember, it always pays to be vigilant, no matter what the circumstance.

Mobile payment systems

Vendors have been trying hard to change the way we make transactions with features such as Near Field Communication and virtual wallets in mobile devices. Unfortunately, early adoption has left a lot to be desired thanks to security issues and concerns.

Thanks also to these early flaws, and to the attack on the CurrentC payment system through third parties which led to the leak of the email addresses of early adopters, we can expect mobile payment systems and their architectures to be a highly likely target of attack. Hopefully the organisations concerned will work aggressively to make digital payments through services such as Apple Pay, Google Wallet and CurrentC much more secure.

Individual cloud storage

The use of Dropbox, OneDrive, Box, Google Drive and all of the other cloud storage services by individuals, as a means to access documents more easily in multiple locations, will pose a greater risk to personal as well as professional targets as company documents and data commingle with personal files in the cloud.

It’s also worth noting that using cloud storage for data backup does not automatically negate the risk from ransomware – in fact, many previous ransomware attacks (CryptoLocker among them) have relied on free cloud storage sites like Dropbox to distribute their payload.

Organisations need to limit access to folders within their cloud storage to only those individuals who need that access to perform their job role. This will help prevent both accidental and deliberate data loss.

Carefully select which devices employees are permitted to use when accessing the cloud, and which types of encryption to use so that those devices are kept from connecting to unsafe networks.

Another helpful practice is maintaining regular security training so that users know the risks. Keeping them on course with best practices will help those who might otherwise inadvertently expose sensitive company data.

Of course, there is no “silver bullet” when it comes to online threats. However, with a blended security approach that leverages current intelligence and technology from several sources, combined with regular security training, organisations can prevent most malware from entering their network and deflect threats that might otherwise damage systems.

Troy Gill, Manager of Security Research at AppRiver
