Cyberattacks based on strategies like phishing are becoming hard to spot, even by more technical and threat-educated audiences, with SMBs that have fewer resources potentially more vulnerable.
According to Jozef Kačala, GFI Software sales engineering VP, speaking in a December GFI partner webinar, phishing emails can be very compelling. Something like this can be easily created using a free tool like ChatGPT, for example.
He said that a professional-looking message with a compelling call-to-action that targets salespeople or accounts managers, for instance, can be very effective.
An example might be: “For a limited time, we’re offering a 40% discount on our software license renewal. To claim this offer simply access our new secure platform, via the link below.”
Vendors including GFI Software are increasingly building cybersecurity applications specifically for SMBs, however — because it’s a myth that smaller organisations aren’t at risk, according to release from the US Cybersecurity and Infrastructure Security Agency (CISA).
A report by vendor CoveWare looked at ransomware trends in Q3 of 2020, finding that more than 25% of attacks reported that quarter had been made via phishing.
While ransomware often targets large enterprises, CoveWare also found smaller organisations attacked via improperly configured Remote Desktop Protocol (RDP) ports, phishing emails and software vulnerabilities. Of organisations reporting ransomware, 40% were SMBs with 100 staff or fewer.
According to GFI Software, its portfolio can be used, including by managed services providers (MSPs), to combine strong identity and access management (IAM) with data loss prevention (DLP) and robust incident response – without the need for smaller companies to have a large in-house security team.
They can also defend themselves against vulnerabilities partly by staying on top of software updates and patching — as well as choosing applications that are ISO 27001 compliant, GFI said.
GFI archiving software can help SMBs minimise legal risks while ensuring files, emails and other workplace tools are available to use, wherever people are working, while controlling them from a central location, the company said.