Last year, around half of all UK businesses were hit by cyber-attacks. The threat of cyber-attack is now very real for all businesses, whatever their size. The problem is that small businesses and organisations tend not to consider themselves likely targets for cyber-attacks because they are small and therefore will not yield a rich prize for cyber-criminals.
In fact, small businesses may be even more likely to be targeted by attackers. First, the programs used by cyber-criminals to find potential targets cannot always detect whether they have reached a large or small company, meaning attackers will not discriminate. For hackers, time is the most important resource, so a hacker will attack the first vulnerable business they find rather than waiting to discover its size.
In addition, the cyber-criminal community is well aware that smaller businesses tend to be more vulnerable to cyber-attacks because of a smaller IT budgets and general unavailability of funds. When faced with the opportunity, therefore, criminals may attack small businesses knowingly because the risk of their failure is less.
Altogether, these factors led to 74% of small businesses reporting that they had been breached by a cyber-attack in 2015. Data shows that cyber-attacks can already be seriously harmful to smaller companies – causing on average £1500 damage to every business each year – but with new EU and UK data protection laws recently proposed, organisations could be fined millions of pounds for failing to protect customer data.
The cyber-attacks which target small businesses can come in many shapes and sizes. Phishing emails disguise themselves as emails from reputable sources and attempt to trick victims into opening attachments or following links, which then infect the system with malware. They are a threat to all individuals and organisations, but if opened on a company network these emails could contain malware – for example ransomware (currently the most common form of malware), which would lock down vital data on your system until a large payment is made.
Ransomware is currently the most prolific kind of malware. In May 2017, a ransomware virus called ‘WannaCry’ hit the NHS (and other large organisations internationally), infecting systems throughout the country and seriously impairing its functional ability. The number of emails containing ransomware has risen 6000% since 2015; 93% of all phishing emails are ransomware. One business was charged more than £3000 for the decryption of over 12000 files. As you can see, ransomware is a big deal.
Distributed Denial of Service (DDoS) attacks use large groups of malware-infected computers called botnets, which can disable your network by overloading them with traffic. Companies hit with this kind of attack in the past have lost customers because the customers had lost faith in the company’s ability to stand up for itself. Defending against cyber-attacks is important not just for preventing the loss as a result of IT system outage, but also for maintaining a good public image for your business.
Other attacks use weaknesses or vulnerabilities present in a system to compromise it and cause damage. Attacks of this kind tend to focus on stealing Personally Identifiable Information (PII) such as customers’ banking or credit/debit card details.
>70% of malware infects systems as a result of social engineering – put simply, hackers tricking people into opening infected attachments or following links which run malicious code – so one of the best ways you can protect your organisation is by making sure all employees are aware of the dangers of opening attachments and following links from emails (or other messages) which are unexpected or seem unusually urgent, even when the person sending the emails appears to be someone trusted: hackers often attempt to appear to be a CEO or other key directive role.
Apograph Ltd are an IT specialist company who can improve your chances against malware by detecting and closing vulnerabilities and helping you to upgrade to more secure systems. If you are interested, please contact us on 01858 455426.