54 days to recovery: The impact of cyber crime
11 July 2016
Digital break-ins at small businesses don't get nearly enough attention. Last year, the government found that two-thirds of UK small businesses don't consider themselves to be vulnerable to cyber crime.
Yet, that same year, 74 percent of small organisations surveyed by the Department of Business, Innovation, and Skills reported a data breach. The companies' worst single breach cost an average of £311,000 to clear up - nearly double that of the previous year. SMBs are paying a huge and growing price to recover from incidents that can take months to fix.
Often, the damage caused by cyber crime comes in the form of lost opportunity. According to a recent poll of procurement managers from business consultancy KPMG, the vast majority would avoid awarding contracts to small businesses found to have lax security practices and poor protection for clients' data. Where cyber crime makes its mark
According to IT consultancy Daisy Group, half of UK small businesses could be hacked in under an hour – but the recovery from a breach takes far longer.
Here's how long on average, for nine types of cyber attacks
How do these attacks work? Let's take them one at a time:
- Malicious insiders
Employees who have a security pass to your whole business can cause damage that is hard to detect and clean up. Make sure that access to sensitive systems is tiered according to those who need it. The waiter at your five-star restaurant doesn't need to login to the accounting and inventory software.
- Malicious code
Software created to steal data or harm systems may be built on a bedrock of malicious code that executes the attack itself. It can be accidentally downloaded through infected sites, or email links and attachments - so be careful what you click.
- Web-based attacks
As with malicious code, visit an infected site and your computer may end up downloading code meant to steal information or breach your system and others it's connected to.
- Phishing and social engineering
Usually conducted via email, a phishing attack is masked as a legitimate email from trusted entities such as banks or your email provider, requesting identifying information. An attack using social engineering is similar in that the cyber crook uses specific information gleaned about a target to manipulate them into sharing logins or other private details.
- Denial of service attack
Cyber criminals sometimes use botnets (see below) to take remote control of computers and then force them to spam a network with junk traffic, causing a system failure.
- Stolen devices
A potentially crippling crime because of how much data resides on laptops and mobile devices. The good news? Most smartphone and computer operating systems have software for remotely erasing lost devices. Without this sort of safeguard, it could take much longer to stem the damage caused by a stolen device.
Any software designed to harm a system, although for the purposes of the Ponemon study, malware was defined as having already infiltrated a network, in contrast to viruses that had infected individual devices only.
- Viruses, worms and trojans
Malicious code that is capable of replicating and spreading across a network. The difference is only in how each attack is executed. Viruses are spread by users who click on a file or email. Worms may independently replicate to infect a network of connected computers, while trojans must be installed.
A slew of Internet-connected computers remotely controlled by a cyber criminal without the owner's knowledge, for instance, to assemble a digital army for sending spam or unleashing a denial of service attack.
Security and privacy research centre Ponemon Institute found that UK small businesses paid around £4 million to repair the damage from cyber attacks in 2015. Distributed denial of service attacks were the costliest cyber crimes at around £960,000 to repair, nearly as much as the £1 million price tag on recovering from malicious code and malware (including viruses and worms). While these attacks can be sophisticated and difficult to prevent, intrusion detection systems and other forms of diagnosing technology can help to improve response and recovery time.
What you can do
The crucial fact is: The longer it takes to repair the damage, the more cyber attacks can cost businesses. Quicken the recovery process by creating a breach management plan so that every member of staff from the IT department to your PR team is clear on what to do in the event of a successful attack.
For expert advice on cyber security best practices, download our Cyber security for small businesses ebook.