How can SMBs protect against fraud in the cloud?

While cyber attacks against large enterprises usually hit the headlines, with larger organizations seen as the most lucrative targets, that doesn't mean small and medium-sized businesses (SMBs) are safe. It's quite the opposite, in fact, with SMBs under fire more than one might think. One of the main reasons is that organizations of this size have fewer resources and tend to have less robust systems of protection than the biggest companies out there.

In recent years, cyber criminals have cottoned on to this weakness and have begun targeting such companies with more ferocity. Small businesses account for 43% of cyber attacks annually, according to Accenture, and 46% of all cyber attacks are against SMBs with fewer than 1,000 employees. Worse yet, only 14% of those SMBs are prepared to face a cyber attack if and when targeted. 

The variety of attack methods is vast, too, and malicious activity can arise in the form of ransomware attacks or brute force hacking. Phishing is also one of the most common attack vectors, with exposure usually coming from an instance of human error somewhere across the organization. Phishing is the number-one threat for SMBs, according to Check Point, and more than half (54%) of attacks against SMBs are successful, resulting in a breach. As for how much this costs, Avast puts this figure at an average of $66,000 (£53,000) per business.

SMBs, therefore, must prioritize safeguarding against phishing attacks, especially when the public cloud comes into consideration. It can be easy to overlook the public cloud as an area in which your organization may be vulnerable, especially since buying into the services of hyperscalers may already involve adopting robust security protections. But it’s this exact sense of complacency that cyber criminals bank on. That's where services like TD Synnex SMB Fraud Defense for AWS can help – managing and mitigating these threats and bolstering your internal security team at the same time.

Phishing is becoming a serious public cloud threat 

Although cloud computing has been a fixture in the IT landscape for many years, it's still a space that's maturing and attracting more and more businesses as each year passes. The public cloud is also a fertile arena for cyber criminals, with phishing a prime attack method as it relies on human error rather than brute forcing security systems. According to Accenture's research, this isn't just the weakest link in an SMB's cyber security posture; it's also commonplace. Another major contributing factor, according to Zscaler, is the rise of phishing as a service, in which kits and pre-built tools are sold to make phishing campaigns much easier to wage and harder for security teams to spot.

We've seen a handful of key examples of phishing attacks cyber criminals have wrought on businesses through the public cloud and software as a service (SaaS) platforms in recent years. Last year, researchers with Avanan found that hackers were building phishing pages using AWS apps. In this particular type of attack, hackers can bypass built-in AWS scanners by building phishing pages directly on the platform and emailing links to employees within organizations. They can bypass email checks that determine whether a message should be allowed or blocked because AWS will always be marked as safe. This comes alongside attacks in which hackers use platforms like QuickBooks, PayPal and Google Docs to make sure emails bypass any possible filtering or security technology and land in the inbox of unsuspecting prospective victims.

There are other such attacks in the form of SaaS-to-SaaS phishing attacks, according to HackerNoon. The first stage involves spoofing an invoice or a secure PDF hosted on cloud services. Every action takes place in the cloud, which makes it hard to detect.
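A defensive take on the allow-listing gap described above, added here as an example and not part of the original article: links on provider domains where customers publish their own content are sent for inspection instead of inheriting the provider's reputation. The suffix list, the `KNOWN_TENANT_HOSTS` allow-list and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: illustrative, non-exhaustive suffixes under which cloud customers
# can publish their own content. Tenant content here inherits the provider's
# domain reputation, so the domain alone says nothing about the page.
SHARED_HOSTING_SUFFIXES = ("amazonaws.com", "amplifyapp.com", "cloudfront.net")

# Assumption: hypothetical allow-list of tenant hostnames this organization
# actually uses; exact hostnames only, never a provider-wide suffix.
KNOWN_TENANT_HOSTS = {"assets-example-corp.s3.amazonaws.com"}


def host_matches(host: str, suffix: str) -> bool:
    """True when host is the suffix itself or a subdomain of it."""
    return host == suffix or host.endswith("." + suffix)


def classify_link(url: str) -> str:
    """Return 'allow', 'inspect' or 'unknown' for a link found in an email."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return "inspect"  # non-web or malformed links get a closer look
    if host in KNOWN_TENANT_HOSTS:
        return "allow"
    if any(host_matches(host, s) for s in SHARED_HOSTING_SUFFIXES):
        # Provider-hosted but tenant-controlled: do not inherit provider trust.
        return "inspect"
    return "unknown"  # falls through to the gateway's normal reputation checks


def triage(urls):
    """Map each URL to its verdict, preserving input order."""
    return [(u, classify_link(u)) for u in urls]


# Constructed sample links, not taken from any real campaign.
SAMPLE_LINKS = [
    "https://assets-example-corp.s3.amazonaws.com/logo.png",
    "https://login-portal-example.s3.amazonaws.com/index.html",
    "https://main.d1example.amplifyapp.com/signin",
    "https://amazonaws.com.example.net/login",
    "https://www.example.org/newsletter",
]

if __name__ == "__main__":
    for url, verdict in triage(SAMPLE_LINKS):
        print(f"{verdict:8} {url}")
```

The fourth sample shows why the match is on a dot-delimited suffix: a hostname that merely contains the provider's name is not treated as provider-hosted.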

Safeguarding your business in the cloud 

Although the likes of AWS have effective in-built security protections for public cloud customers, there are further measures businesses can take to ensure they're as protected as possible from cyber criminals' efforts. It's particularly important to stay ahead of the game by considering products like TD Synnex SMB Fraud Defense for AWS.

"TD Synnex SMB Fraud Defense for AWS can help businesses increase the security posture of their cloud environment and lower the risk of falling victim to hackers," says Craig Smith, vice president for data, AI and IoT (EMEA) at TD Synnex. "SMB Fraud Defense is a pre-configured solution that delivers multi-layered defense against vulnerabilities and lets businesses make their AWS instance as secure as possible, for example by allowing security teams to enforce 2FA, restrict types of instances, and implement budget controls. 

"Taking on this added layer of security means protecting employees from phishing efforts, as well as social engineering attacks that can lead to compromised credentials," adds Smith.

Organizations can also proactively detect and set up alerting mechanisms to help prevent fraudulent activity or misuse within AWS environments. By implementing the platform, organizations that use AWS can detect and prevent cyber attacks, manage budget thresholds to prevent losses, protect against employee identity theft, and raise their overall security posture. 
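How the 2FA and instance-type controls mentioned above are commonly expressed as AWS IAM deny statements, with an audit that grades them; this is an added example, not the configuration of SMB Fraud Defense or code from the original article. The statements are constructed, and the allowed instance types are assumptions.

```python
# Constructed IAM-style statements using standard AWS condition keys; the
# allowed instance types are an assumption, not values from any product.
MFA_WEAK = {"Effect": "Deny", "Action": "*", "Resource": "*",
            "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "false"}}}
MFA_STRONG = {"Effect": "Deny", "Action": "*", "Resource": "*",
              "Condition": {"BoolIfExists": {"aws:MultiFactorAuthPresent": "false"}}}
TYPE_LIMIT = {"Effect": "Deny", "Action": "ec2:RunInstances",
              "Resource": "arn:aws:ec2:*:*:instance/*",
              "Condition": {"StringNotEquals":
                            {"ec2:InstanceType": ["t3.micro", "t3.small"]}}}


def as_list(value):
    return value if isinstance(value, list) else [value]


def mfa_enforcement(policy):
    """Return 'strong', 'weak' or 'missing' for the policy's MFA deny rule."""
    found = set()
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny":
            continue
        for op, test in stmt.get("Condition", {}).items():
            values = as_list(test.get("aws:MultiFactorAuthPresent", []))
            if any(str(v).lower() == "false" for v in values):
                found.add(op)
    if "BoolIfExists" in found:
        return "strong"
    # Plain Bool does not match when the key is absent from the request, as
    # with long-term access keys, so those calls are not denied.
    return "weak" if "Bool" in found else "missing"


def allowed_instance_types(policy):
    """Instance types that escape a Deny on ec2:RunInstances, or None."""
    for stmt in as_list(policy.get("Statement", [])):
        actions = as_list(stmt.get("Action", []))
        if stmt.get("Effect") == "Deny" and "ec2:RunInstances" in actions:
            cond = stmt.get("Condition", {}).get("StringNotEquals", {})
            if "ec2:InstanceType" in cond:
                return sorted(as_list(cond["ec2:InstanceType"]))
    return None


if __name__ == "__main__":
    policy = {"Version": "2012-10-17", "Statement": [MFA_WEAK, TYPE_LIMIT]}
    print(mfa_enforcement(policy), allowed_instance_types(policy))
```

A production MFA deny statement normally exempts the actions a user needs to enrol an MFA device.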

Ultimately, internal IT and security teams would receive a much-needed boost, with such tools augmenting their functions or even establishing new levels of security sophistication for SMBs that are otherwise too small to protect themselves against the most pertinent cyber security threats – from ransomware to phishing. 

ITPro