Monitoring deep, dark and surface web to detect exposure of your sensitive data, secret projects and initiatives, privileged users, critical systems, IT infrastructure, and more.
Monitoring and alerting of third party data breaches impacting your employees’ emails, usernames, and personally identifiable information.
Assess the risk footprint and security posture of key business relationships to get a handle on external risk introduced through your extended attack surface.

Sign Up for Updates

Digital risk monitoring of key personnel with telemetry and risk metrics. VIPRecon provides broad coverage of social media, deep and dark web, as well as physical threat assessments.
Our Ransomware Response Readiness Assessment, Playbook and Table Top Exercise gives your organization the best chance to survive and recover.
Gain visibility of your digital footprint by reaching into the most active areas of the cyber underground.
Fully managed and tailored Threat Intelligence services that becomes an extension of your current security processes and provides real-time visibility on new threats.
Providing research and investigations into known threats, to save security teams time and stress during a cyber emergency.

Sign Up for Updates

GroupSense offers a comprehensive package of services for assessing and responding to ransomware attacks, including negotiations with threat actors.
Actively researching and monitoring threats from vendors or third-party companies that can affect organizational security.
Monitoring for threats to elections, VIPs, and more on social media to proactively prevent or mitigate digital risk.
Focusing on the threats and risks that matter to your security processes and providing intelligence and insights to prevent or mitigate digital risk.
Taking the next step in security services, by proactively taking down phishing sites or anonymously interacting with threat actors to provide better intelligence.
Active monitoring of your brand's digital assets to protect its reputation and stop further brand abuse from targeting unsuspecting victims.

Sign Up for Updates

Combining your cyber and fraud programs to effectively fight threat actors continually scamming or threatening assets within an organization.
Executives are prime targets for fraudulent activities, but with a proactive approach, any attacks or threats can be neutralized before causing any damage.
Governments, political parties and candidates must all act now to activate cyber threat intelligence services to harden their information security and get ahead of inevitable cyber threats to the election process.
4 min read

Why Cyber Attacks on SMBs Are a National Security Concern

Oct 1, 2023 11:30:00 AM

From the Dry Cleaner to the Defense Industrial Base

By Kurtis Minder, CEO, GroupSense

“How can they ask for that much? We only have 9 computers!”

“It isn’t the computer count, it is the data…”

While my team and I field some of the largest ransomware response cases at GroupSense, I spend my weekends and evenings helping those who cannot afford a professional response program. As a result, I see a broad spectrum of attacks and victims. While it is always disheartening when any company gets hit, it is particularly impactful to small operations. Many of these victims are family-owned generational businesses, forced into a situation that could end the legacy.

Unfortunately, the national impact of the attacks on SMBs (Small to Medium Businesses) has yet to be experienced by most of us. Washington’s continued focus on offensive tactics and protection of critical infrastructure may be missing the point. Cyber attacks on the lower and middle markets pose a grave threat to the economy and the national security of the United States. Let me explain…

SMBs are the backbone of our economy

When a large, publicly traded enterprise is hit by a devastating cyber attack, it's a costly endeavor. Whether that organization elects to engage the threat actor and pay a ransom, or recover and rebuild, it can cost millions of dollars. Nevertheless, most of these companies, if covered by cyber insurance, and with tremendous resources can and do recover. Often, the impact is meaningful but relatively mitigatable. Notification letters go out, subsidized credit monitoring is initiated, and the PR machine goes to work to save the tarnished brand. They live to fight another day, hopefully with better cybersecurity programs, budgets, and basic hygiene.

When a small business gets hit, it often goes unreported. These companies typically do not have the resources to pay or recover if they are not covered by cyber insurance. It is a business-ending event. Due to the relatively small size of these attacks and the fact that many victims do not report, the Justice Department doesn’t have a good inventory of the macro level problem, relegated to estimation and guesswork. Even when the attacks are reported, the IC3/FBI can be unresponsive. This is likely due to the fact that they are overrun with larger attacks and feel the need to prioritize.

For the US economy, though, it will be death by a thousand silent cuts. While thousands of SMBs around the country grasp for life, millions of dollars of economic damage, recovery costs, lost jobs, and ransom payments are draining us from the inside out. 

Small and Medium Business makes up over half the jobs and nearly half of our GDP. Collectively, they are critical infrastructure.

Want more content like this? Check out Kurtis' TEDx talk that reviews key behaviors to help this issue.

And they took our data….

If you are working in the Federal security realm you are familiar with the Defense Industrial Base (DIB). You are also aware of the frenzy around third-party risk, CMMC (Cybersecurity Maturity Model Certification), and other similar programs. Considering that threat actors often use exfiltrated data sets to pivot to new victims, all involved should be concerned at the treasure trove of exabytes of stolen data these cyber attacks are fueling.  As you know, state actors and ransomware actors make exfil a priority with different motivations. Regardless, they are good at it and they have been successfully siphoning this data from our digital shores for more than a decade. They take the data from the small ones, too.  

I cannot tell you how many times a victim excuses themselves from the extortion threat with “…our data isn’t that important…” “…there is nothing of real value in there…” Perhaps not in a vacuum. MOST data is useless on its own. It is when you combine that data with other data, correlate, and find implicit connections and value that it becomes weaponized. So no, the lawn care customer data seems benign. It is when you combine that data with the OMB breach, US Marshall’s data, or the recent D.C. Health Marketplace data to triangulate a senior member of the US military’s (perhaps with nuclear facility privileges) private property in Louisville, TN that it becomes material. Triangulate that data with a fitness wearable breach, a local HOA forum breach, or similar and you might be able to follow that guy to the gym on Tuesday. And our adversaries have the data and the compute power to do that, at scale. 

Every. breach. matters.

We are under attack and it is worse than you think

Think carefully about what is occurring here. We have foreign adversaries from unfriendly countries attacking our way of life, our businesses, non-profits, etc. They are disrupting those operations, they are causing 100s of millions, if not billions in damage. They are taking our data over the ocean to use as they see fit in future operations against us. And many times, they are profiting from all of this through ransom payments. 

We can and will do better.

So what do we do?

We all have an individual responsibility as citizens of the United States to do what we can to protect our own and our employer’s data. We can do this by practicing basic cyber hygiene, taking this mission seriously, and making it focus. Hold each other accountable. 

Download my cyber hygiene primer below, and download the Cybersecurity Awareness Month infographic here to learn more about what you can do today.

Topics: Blog

Written by Kurtis Minder