Cybersecurity Scams Get a Boost from Technology: What Small and Medium-sized Enterprises Should Watch Out For
Published October 28, 2024 • 4 Min Read
The recent edition of CPABC in Focus, a publication by the Chartered Professional Accountants of British Columbia (CPABC), features a conversation with Michael Argast, co-founder of Kobalt.io. Argast reveals cybersecurity threats affecting SMEs, how technology plays a part in advancing these threats and how to protect against them.
Over the past year, the quality and frequency of cyberattacks on small and medium-sized businesses (SMEs) have increased, thanks in large part to AI and automation. While cybercriminals are building off tried and true tactics, advances in technology are making it easier to find businesses that have vulnerabilities – and to exploit them.
Here are some of the top threats and trends SMEs face in the cybersecurity landscape today.
Social engineering
Social engineering involves manipulating individuals into disclosing private information. While social engineering attacks exploit human behaviour – they play on emotions such as trust and urgency to trick individuals into giving up sensitive information – technology advancements have helped cybercriminals cast a wider net and therefore realize greater success.
“AI is being used in a variety of different ways now,” explains Argast. “Better written content is an example where it’s tailored to the particular target. If you want to mimic a CEO, for example, you can feed in a bunch of the CEO’s previous writing and use AI to draft an email that has the same tone and language.”
Argast further explains that video and voice tools are becoming more prevalent – deepfakes of employees have successfully convinced people to transfer funds. “You can use a four-second sample of somebody’s voice to launch simulated messages and have real-time conversations,” he adds.
Third party risk
Argast explains that most businesses do not store their own data, so it’s hard for SMEs to control and manage the optimal level of protection. “Most organizations today don’t run their own technology stacks,” he says. “They don’t host their own data. Instead, they rely on SaaS providers and cloud providers of various pedigrees to do that. And third parties are getting compromised all over the place.”
With an ability to target suppliers with multiple partners, cybercriminals can gain access to thousands of organizations through one successful breach.
Business email compromise
In a business email compromise scam, criminals send an email message that appears to come from a known source making a legitimate request. Again, AI has given these scams a boost, making them more sophisticated and easier for scammers to carry out.
“Business email and transfer fraud is much more sophisticated than many people realize. It’s not a sketchy email from your CFO requesting a financial transfer to an offshore account,” says Argast.
“The business email fraud that’s happening today, with these wide-net attacks, enables attackers to live inside your email systems for weeks or months and insert themselves into existing chains of communication, which makes their activities seem highly credible. And they’re going to target the single largest financial transfer you’re going to do in six months.”
How to protect your business
Argast offers the following suggestions for business owners:
Solopreneurs
- Use alternate communication channels to verify requests. Argast explains that cybercriminals typically attack just one channel at a time. So, if an email is received requesting a transfer of funds or release of information, it’s best to use a different channel (phone, video, Slack) to reach out to the other party.
- Protect devices with encryption, password protection and anti-malware software
- Use Multi-Factor Authentication whenever possible
- Use a secure cloud service provider that has demonstrated due diligence
SMEs with 5-10 employees
- All of the above, plus:
- Partner with a cybersecurity firm to perform a risk assessment, which can help prioritize cybersecurity investments
Businesses with 20+ employees
- All of the above, plus:
- Implement an industry standard, such as ISO 27001
Ultimately, one of the best ways to protect your business is to seek help from cybersecurity experts. “A lot of small business owners think they have to build this themselves, but there are good service providers out there who focus on delivering cybersecurity services at a fraction of what it would cost to build these kinds of capabilities in-house,” says Argast. “They know best practices, and they can scale their services to the size of the business.”
Read the full interview with Michael Argast here to learn more about the top cybersecurity concerns affecting SMEs and how to stay ahead of cybercriminals who are using AI and automation to advance their efforts.
This article is intended as general information only and is not to be relied upon as constituting legal, financial or other professional advice. A professional advisor should be consulted regarding your specific situation. Information presented is believed to be factual and up-to-date but we do not guarantee its accuracy and it should not be regarded as a complete analysis of the subjects discussed. All expressions of opinion reflect the judgment of the authors as of the date of publication and are subject to change. No endorsement of any third parties or their advice, opinions, information, products or services is expressly given or implied by Royal Bank of Canada or any of its affiliates.