The question is not if a company will face a cyber attack, but when
Cyber Security Cyber-crime is a low risk, high reward endeavour for bad actors. The combination of these factors means it is a case of when, not if, a company will be attacked.
The UK is the most cyber-attacked country in Europe and the second-most assailed in the world, with attacks up 40 per cent in 2014, according to Symantec. Despite these figures, and an increasing reliance on the internet to conduct business, security still does not get the level of attention it deserves. Whether due to the misperception of cyber security as merely a function of the IT department, or the myth that a business is too small a target for a cyber-attack, many organisations lack a unified and coherent cyber security strategy.
At the same time, the tools to launch a cyber-attack are easily available on the dark web and simple to utilise. In fact, ‘cyber-crime as a service’ has become a new business model for organised criminal gangs, with those operating on the dark web developing products and services for other criminals to use. Cyber-crime is a low risk, high reward endeavour for bad actors. The combination of these factors means it is a case of when, not if, a company will be attacked.
Recent research from by Equinix found that that 7 out 10 companies in the UK do not feel prepared against cyber-attacks. Businesses, especially SMEs, must accept that cyber security precautions are an inherent part of doing business in today’s digital world and prepare themselves accordingly.
Protecting your business against the most common forms of attack does not need to be an expensive exercise. Our research shows that the most common vulnerabilities are ones we’ve known about for a long time and can be easily overcome. Things like strong passwords and basic security protocols are unfortunately often neglected, making companies an easy target for attack. As all businesses across the UK become ever more reliant on web-based tools this mind-set must change.
SMEs are often targeted because they are less likely to have these security measures in place, or even be aware they are at risk. Any company that stores data online is vulnerable to attack, and must take security precautions. A good first step is to follow the government supported Cyber Essentials scheme, which provides a cost effective method of getting the basic cyber security foundations in place.
Many breaches stem from the fact that staff are not aware of best practice which means that training and awareness are crucial. Checks that should be standard across every company include good password protocols, regular updating of software and regular back-ups. These measures are essential whether you’re a one man band or a multinational enterprise.
SMEs can also take advantage of the cyber security SME voucher scheme, announced by the Government last year. The vouchers offer micro, small and medium sized businesses up to £5,000 for specialist advice to boost their cyber security and protect new business ideas and intellectual property.
By making a few small, and cost efficient changes, small companies can drastically reduce the risk of falling victim to a cyber-attack, and in the process protect their customers, their business and their reputation.