27 April 2016
3 min read
Cyber crime is on the rise. UK small businesses spend around £4 million a year repairing the damage caused by cyber crime. From malware to phishing and web-based attacks, it seems like there’s a new scam to worry about every day.
The UK government’s Department for Business, Innovation and Skills (BIS) revealed that 74% of UK companies have been hacked, which makes it easier to understand how cyber crime officially overtook physical crime as the most reported offence in the UK. The same research, from the Office for National Statistics (ONS), predicted that there were 2.5 million reported incidents of cyber crime between 2014-2015.
In this article we had a look at the state of business security – and the good news is that a lot of this crime is avoidable.
Why do businesses get hacked?
The responsibility for cyber crime taking off is a very grey area, with both hackers and businesses themselves playing a part.
In our digitally connected world, it’s a lot easier and more lucrative to skim the credit card details of 1000 people and sell them on than it is to perform physical acts of theft. Hackers are tenacious and looking to take advantage of easy targets.
While it’s never appropriate to blame the victim of a crime, it’s important to realise that a lot of businesses aren’t doing everything they can to protect themselves. Small businesses might seem like a less obvious target than the likes of Sony or TalkTalk but in reality, they suffer nearly as many attacks as large enterprises – and those attacks cost more.
“Attacks on small and medium-sized businesses are remarkably common as their security tends to be less sophisticated, making them easy prey,” says Walter Rossi, of IT consultancy Daisy Group. “They are usually targeted by those aiming to steal their customers’ bank details, blackmail them, or to use them as a ‘back door’ to get into larger organisations.”
The Daisy Group estimated that half of UK businesses could be hacked in less than an hour.
KPMG, one of the Big four business consultancies, recently surveyed procurement managers, discovering that most of them would hesitate before doing business with SMBs with lax security practices. Startlingly, only seven percent of small businesses surveyed by BIS were planning on increasing their spending on information security in the year ahead.
Maintaining basic security just isn’t enough to protect yourself. Only having an antivirus program running and not encrypting sensitive data is like locking your front door but leaving the ground floor window wide open.
What’s next for business security?
Business security can only progress and continue to defend against ever more devious cyber criminals through innovative technology, cooperation and the free sharing of knowledge. What’s required is a combination of people, technology and policy working together to put up a united front against cyber crime.
The best defence begins with the education of staff. Clearly defined and easy to understand security guidelines might not turn everyone into an IT expert but it could be the difference between someone responding to a phishing attack or ignoring the email.
Secondly, business leaders need to step up and be ready to bolster their networks and devices against the threat of cyber crime. From establishing cyber attack response teams to ensuring their IT systems and networks are patched and protected at all times. This should be the new normal.
Whether you’re a business five people or you have an office on every continent, utilising the best security and resources you can will help to keep your financial data and customer information safe.
Additionally, it’ll take governments from all over the world to adopt a more holistic approach to fighting cyber crime. For example, if North Korean hackers are attacking Sony in America then a united approach to tackling the problem of international cyber gangs is necessary.
Cyber Essentials is a government-backed, industry supported scheme that helps organisations protect themselves against cyber attacks. It’ll help small businesses to educate their staff and protect themselves against common cyber crime. Those who complete the course will be certified and can even qualify for discounts on cyber theft insurance.