The headlines always seem to be full of news about yet another cyber security attack. The Covid-19 pandemic has seen an alarming increase in the number of cyber attacks, and the scope of these attacks is constantly evolving, with some of the largest, most audacious attacks making the headlines for weeks on end.
The cybersecurity landscape is particularly worrying for small organisations who lack the internal resources to protect themselves from cyber attack, or to respond effectively to minimise the damage should a breach occur. Fortunately the growing managed security services sector is on hand to help even the smallest business protect themselves from cyber attack.
Escalating cyber attacks – no one is exempt from attack
No organisation is safe from cyber attack. The UK Government’s Cyber Security Breaches Survey 2021 reported that in 2020, 39% of businesses in the UK experienced a cyber security breach or attack, while 83% of all respondents reported phishing attacks aimed at their organisations. The survey also found that the Covid-19 pandemic has increased the risk for businesses as IT security teams are stretched thin by remote working and smaller budgets.
At the most extreme end of the scale, the US Government were some of the victims of the far reaching SolarWinds cyber attack in December 2020, and 60 Managed Service Providers and approximately 1,500 of their customers were victims of the Kaseya ransomware attack in July 2021. The ransom demanded in ransomware attacks is also increasing. REvil, the gang behind the Kaseya attack demanded a record-breaking initial ransom of $70 million.
In addition, there are concerns that many of these attacks are state sponsored. The Russian government has been accused of sponsoring the SolarWinds and Kaseya attacks, and in June 2021, President Biden of the United States tried to threaten President Putin by saying that unless Russia actively stopped these attacks, the United States would be forced to retaliate.
China too is accused of sponsoring cyber attacks on Western targets including the Microsoft Exchange attacks that were revealed in March 2021. That attack was carried out by Hafnium, a hacking group sponsored by the Chinese state.
A perfect storm for small businesses
Organisations of all sizes are becoming collateral damage in the cyber security war that is being fought at the highest levels around the world.
Where there are some successes in the fight to remove threat actors (for example a coordinated group of national security agencies, police forces, and other cyber security professionals across the US and Europe closed down Emotet, the most prolific malware of 2019/2020), attacks are not decreasing, and governments are impotent to stop them in the face of state sponsored, hidden attackers.
The increased number of ransomware attacks is also impacting organisations who haven’t experienced an attack. The cost of cyber security insurance has increased by 7% on average for small businesses and between 10 and 40% for medium and large businesses since last year. In addition, companies are expected to have more cybersecurity protections in place in order to qualify for insurance coverage in the first place.
Some insurance companies are also limiting the cyber attacks they will cover. For example, insurance firm AXA announced in May that it will no longer pay out to French customers who pay the ransom extorted in a ransomware attack.
CyberSecurity as a Service – protecting yourself from attack
While the rate, scope, and scale of cyber attacks is increasing, the Cyber Security Breaches Survey 2021 also contains a glimmer of hope for organisations – the number of businesses who reported a cyber attack or breach actually fell from 46% in the 2020 survey to 39% in 2021.
This is not pure luck, but more likely the result of organisations putting in place better cybersecurity protections than in the past.
The challenge for small businesses however is putting in those improved cyber protections. Most small businesses simply don’t have the IT resources for a dedicated IT security team with the experience, skills, and ability to work around the clock. Implementing a full cybersecurity programme costs money that many small businesses simply do not have. And without increasingly sophisticated cyber protections in place, they are unable to get cyber insurance, creating a further tax on the company should they suffer a cyber breach.
That’s where Managed Security providers such as Transputec can help. CyberSecurity as a Service provides access to flexible, outsourced cybersecurity resources including a scalable team of experienced cybersecurity professionals, and round the clock coverage from the Security Operation Centre (SOC).
CyberSecurity as a Service is designed to provide holistic cybersecurity support including:
- Prevention technologies including endpoint detection tools such as ThreatSpike, and network and perimeter security defences;
- Round the clock monitoring of the perimeter by a dedicated SOC team of cybersecurity analysts who scan for unusual activity, warn organisations of the latest threats, and keep systems guarded 24/7, 365 days a year;
- If a cyber attack or breach does occur the team will immediately mobilise to mitigate the attack, analysing the event, and working with the organisation to assign priorities and mitigation efforts quickly and effectively.
Schedule a demo to learn more about our CyberSecurity as a Service and how we can help you protect your organisation from cyber attack.