Small Business Not Prioritizing Cybersecurity

A recent small business survey showed only 5% of small business owners viewed cybersecurity as the biggest risk to their business. This is the first survey since the Russian invasion of Ukraine and the cybersecurity risks and warnings that came from the conflict. The warnings from numerous government agencies seem to have had no impact on the small business community. The same 5% level of concern was found in the previous survey from the first quarter of 2022, before the conflict began.

Fewer than half of small business owners say they use an antivirus, complex passwords, or external backups, which affirms the statistic that cybersecurity is not a priority. The number falls even lower for software updates and multi-factor authentication.

The NSA and the Cybersecurity and Infrastructure Security Agency (CISA) released an advisory on Weak Security Controls Exploited for Initial Access. The advisory, in part, highlights many of the security controls small business owners admit to not using. Multi-factor authentication, software updates, and strong passwords are among the weak controls highlighted by the NSA advisory.

Customers disagree with small business owners regarding cybersecurity. About 75% of customers think the businesses they use will suffer a cybersecurity incident over the next 12 months, and 55% say they would be less likely to continue doing business with a company after a security breach.

Even if a company can recover data from a cybersecurity incident like ransomware, there is the added cost of paying the ransom, company downtime and loss of productivity, and the loss of public trust in the business. The most recent data available shows about 31% of US businesses that suffered a cyber-attack ultimately went out of business as a result of the incident.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn, and stay up to date by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

Cyber Insurance Update

Cyber Insurance for Small Business Updates 2022

Cyber Insurance Explained is our most popular video, so we thought it was a good time to talk through some updates we are seeing in Cyber Insurance.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

A Future Without Passwords

Apple, Google, and Microsoft are on the road to eliminating passwords for all online services. The three tech giants committed to adding or enabling the technology needed to allow users to choose their phone as the main authentication device for websites and digital services. A user would be able to unlock their smartphone, as they do now, with a PIN, Face ID, or fingerprint, and that action would take the place of entering a password on a website. The authentication would work through a cryptographic token called a passkey. The new authentication method would also make phishing more difficult because login would require a physical device.

Passwords are an ineffective way to authenticate for a service. Users are bad at password management. About 25% of people re-use passwords, and an equal 25% use weak, easily guessable passwords. But we can relate to these users. Passwords are a pain, and we are expected to remember a different password for every service. There are password managers, but they have low usage rates because users don’t know what they are or don’t trust them.

The FIDO (Fast Identity Online) Alliance is the group behind the higher-level authentication technology. To maximize adoption, FIDO looked for something end users already have and aimed to make the process as user-friendly as possible. The FIDO Alliance takes authentication out of the hands of the individual service and moves it to a higher-level security mechanism.

“This shift from letting every service fend for themselves with their own password-based authentication system to relying on the higher security of the platforms’ authentication mechanisms, is how we can meaningfully reduce the Internet’s over-reliance on passwords at a massive scale,” FIDO said.

The FIDO Alliance has been working on a password-free workflow for a decade now. This latest announcement is the largest step we have seen in the quest to zero passwords.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business, Virtualization

Hacking and War in Ukraine

Microsoft released a detailed report that showed Russian hackers correlated their attacks with physical military operations. Russia is using three primary attack vectors in the technology space: disinformation campaigns, distributed denial-of-service (DDoS) attacks to knock web services offline, and malware to erase all data from a network or computer. The Microsoft report showed six distinct hacker groups that have been involved in attacking Ukrainian targets since the Russian invasion. Russia favored coordinated attacks when targeting telecommunication infrastructure, hitting telecom or internet providers with both cyber and physical military attacks at the same time.

Russia has a history of high-profile cyberattacks on Ukraine. In 2014, Russia used cyberattacks to accompany the military war in Eastern Ukraine. In 2015, the cyberattacks knocked out the power grid in Ukraine. However, when Russia ramped up its cyberattacks leading up to the military invasion in February, it did not achieve the same results as in previous years. Ukraine has bolstered its cyber defense since 2015 at the university level. The Ukrainian University cybersecurity has a faculty of 125 trained instructors with more than 700 cybersecurity students. This backbone of cybersecurity professionals is believed to be the reason Ukraine has been able to keep the internet on even in the hardest-hit areas.

At the same time, Russia is being attacked with cyber tools at an unprecedented level. Ukraine is using DDoS attacks to knock government services, aviation companies, and online payment systems offline to disrupt government and citizens’ daily activities. Additionally, hacktivists from around the world are joining the barrage of cyberattacks on Russia in favor of Ukraine. DDoS attacks are the most prevalent vector, but ransomware has also been seen targeting Russian network vulnerabilities. The DDoS attacks against Russia have also become markedly longer in duration, growing from minutes to days, with the longest lasting a week.

Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Virtualization