How SMEs can manage and mitigate the risk of data breaches
“I am convinced that there are only two types of companies: those that have been hacked and those that will be.”
Robert S. Mueller III, Director of the FBI (2012)
When they strike, major cyber security incidents tend to dominate the headlines. Whether it is for the financial toll on businesses, the disruption they cause, or the embarrassment they engender for individuals whose details are leaked online, these breaches have a huge impact on the public imagination.
Take May 2017’s WannaCry attack, which infected thousands of computers in hundreds of organisations around the world. The attack was unprecedented in scale and in the UK its largest victim was the NHS. The impacts were real: numerous outpatient appointments and operations were cancelled following the attack.
According to the UK government’s 2017 Cyber Security Breaches Survey, 46% of all UK firms identified at least one cyber security breach or attack in the last 12 months, and in most cases, these breaches were reported to have adversely affected the organisation. Given that 99% of UK businesses are classified as SMEs, most victims will likely be businesses with under 1,000 employees.
Perhaps most worrying for SMEs is that the cost of a cyber attack can be far more devastating for them than for larger companies, so much so that in the US, up to half of all small businesses are estimated to close within six months of a major breach.
In response to this threat, I have written a white paper that outlines the most common threats affecting SMEs and then provides a set of simple steps that SMEs can implement to immediately reduce their risk of becoming a victim of cybercrime.
The most common threats to SMEs include:
- Ransomware: malicious software that usually arrives via a phishing email. It can encrypt the whole company’s network and then demand a sum of money to restore the victim’s access
- CEO fraud: a criminal hacks the email account of a senior employee at a firm or creates a similar-looking ‘spoof’ email account, and then sends an email to a junior member of staff ordering them to make a payment to a fictional supplier
- Hack attack: often arising through an unpatched vulnerability in a company’s systems, or by simply guessing weak passwords, a hacker is able to enter a victim’s environment and steal information
- Denial of service attack: this happens when a company’s website or servers are overwhelmed by the sheer quantity of data being pushed at them. Criminals may extort money from potential victims.
The white paper will demonstrate that the threats facing SMEs from cybercrime, hacking and human error are greater than ever. And, while many larger organisations have begun upgrading and improving their processes to protect themselves, most small and medium-sized firms are still lagging. At Transputec, we have helped countless small and medium-sized businesses cut their risk from a cyber attack. And while no organisation will ever be entirely free of the risk of being breached, the white paper outlines five steps that can dramatically cut your chances of a costly attack.
Head of Cyber Security