According to a recent study undertaken by Barclays Bank the average cost of each cyber-attack is more than £1,000 per attack, and 29% of cyber-attacks and attempts against small businesses and SME’s are successful. What’s more, 10.6% of those who took part in the study revealed that they had been victims of a cyber-attack, and 8.58% of these had to make staff redundant to cover the cost of what happened to them. With 43% of all cyber-attacks and hacking attempts being against small businesses and SME’s, this is an area that is fast become one that can no longer be ignored.
What is a cyber-attack?
A cyberattack is any criminal act against computers and networks and is often called hacking. It can also cover more traditional crimes conducted through the internet. Some common types of cyber-attacks against businesses can include computer system attacks, malware, ransomware, business identity theft, phishing, web based and denial of service (DDoS) attacks.
These kinds of cyber-attacks have the potential to inflict enormous damage to growing businesses, especially those who operate on small margins. However, many small businesses and SME’s do not have this as one of their main priorities, with other areas such as HR, accounts and investor pitching often taking precedence.
The Growing Sophistication of Cyber-attack on Organisations Today
With cyber-attacks continuing to increase at an alarming rate and evolve beyond disruption towards specific objectives such as targeted data theft, they are now becoming more and more sophisticated. As such, traditional approaches to cyber-security are fast becoming ineffective. Perimeter based security, detecting and blocking what comes in and out of the environment, is no longer adequate in stopping cyber-attacks.
Securing your business from cyber-attacks
Regardless of what industry your business operates in or the size of your business there are some simple steps you can take to help safeguard against potential cyber-attacks.
Ensure your systems are up to date at all times – While there are many valid reasons why small businesses and SME’s struggle to keep their systems up to date including the cost of doing this, ensuring you are running the latest version of Windows, Mac OS and other software is crucial. By updating your systems on a regular basis major issues are often fixed, and you are less likely to be compromised by a cyber-attack.
Ensure your systems are up to date at all times – While there are many valid reasons why small businesses and SME’s struggle to keep their systems up to date including the cost of doing this, ensuring you are running the latest v$
Back up, back up, back up and back up again – while in the past backing up company data was a laborious process, cloud storage solutions today are affordable, simple and fast. There are huge benefits to storing your data on the cloud and while there is still a small risk that these can still be compromised your data will be protected against certain types of cyber-attacks such as ransomware.
Knowledge is Key: Educate Your Staff – the more training and awareness that your staff have of cyber fraud, the better equipped they will be to safeguard against potential attacks. With small businesses and SME’s being more reliant and dependent on the internet than ever before, it is vital that you train all your staff to be cyber aware at a minimum.
Conduct regular risk assessments – while there is much you can do to help protect your systems and business from cyber fraud internally, having regular risk assessments undertaken by a professional may highlight any areas that may have been overlooked. Cyber Essentials is a great place to start for this.
Introduce a password policy – insecure passwords can often be an organisation’s weakest link, so review these regularly. Introduce a password policy that forces your employees to change their passwords frequently.
How is the cybersecurity industry developing its skill set to combat this growing threat?
Despite the cyber skills gap that exists today, the UK government and many leading organisations are working together to ensure the next generation of security professionals have the skills and expertise to stay one step ahead of hackers. Since the UK Cybersecurity strategy was rolled out in 2011, several measures and organisations have been developed and launched to help combat the growing cyber threat. These include:
The launch of the National Cyber Security Centre – in response to the ever-growing threat of cyber-attacks, the UK government in conjunction with GCHQ launched the National Cyber Security Centre. Based in London, the centre aims to be at the forefront of the cybersecurity industry by providing relevant, timely and up to the minute responses to the latest malware, ransomware, and other sophisticated cyber-attacks.
Training neurodiverse individuals for a career in cybersecurity – studies have shown that neurodiverse adults, such as those who are on the autistic spectrum, are well suited to a career in cybersecurity. In Worcester, Dr Emma Philpott has set up a Community Cybersecurity Operations Centre (SOC) which is being used as a training centre for neurodiverse individuals in cybersecurity. It also operates services to protect vulnerable adults who are commonly targeted by cyber criminals. By tapping into the neurodiverse community, the cyber skills gap can be addressed and opportunities given to these individuals to have a meaningful career that they wouldn’t have otherwise had.
Getting young people interested in cybersecurity and programming – the key to developing the cybersecurity professionals of the future is to get them interested in cybersecurity while at school, and to help with this the Cybersecurity Challenge was born. The Cybersecurity Challenge UK is a set of learning programmes, networking events and competitions that run all over the UK which are designed to identify leading cybersecurity talent and to encourage young people to be more cyber aware and consider becoming cybersecurity professionals. Through this medium the next generation of cybersecurity talent can be found, nurtured, and developed.
Ensure the cybersecurity supply chain is protected – everyone has a smartphone, tablet or computer and the components used to make these are very similar. As other devices are developed and made it is essential that security practices, operations and methods that supply chains use are audited and reviewed regularly. Cyber essentials is a great way to show that you’re your organisation takes cybersecurity seriously, and having this accreditation can open doors for companies to trade with the government, councils and the MOD.
Training, education and cyber awareness – the growing cyber threat cannot be combated without raising awareness of the seriousness of cybersecurity. It is critical that this is done without hype but also with the aim of ensuring that cybersecurity is everyone’s responsibility. Everyone should have access to tools that will help them to protect their homes, companies but most importantly of all, to protect themselves against potential cyber-attacks. Educating the general public about cyber-attack will help awareness about the growing cyber threat cascade into offices, schools, further education establishments and even further afield.
The development of a cyber workforce that is strong and robust – if cybersecurity is to be at the heart of education it should be heavily promoted via science subjects, technology, engineering and mathematics (STEM subjects) to ensure that those with a strong interest in cybersecurity can develop and utilise their skills to enter a career in the cybersecurity industry. Utilising the strong talent that exists in hacker communities should be a top priority.
The growing threat from cyber-attacks is not going to disappear any time soon, therefore organisations need to embrace this and ensure they are as prepared as they can be against cyber-attacks. With a few simple steps and training, you can successfully protect your business against cyber fraud.
At CyBourn, we have a range of services that can help, giving you full peace of mind when it comes to your cybersecurity posture. We are a global cybersecurity company with a mission to address challenges in technologies and operations in cyberspace. We increase protection by providing forward-thinking transparent services for threat detection, prevention, and response.
To find out more, talk to us today.