The topic of cyber security is increasingly at the top of the agenda for business leaders, especially with the number of ransomware attacks on the rise. According to research from McAfee, ransomware attacks – in which corporate data is hacked and held hostage by cyber criminals in return for financial payments – have risen more than ten-fold in the last two and a half years.
This (rise) is in part due to hacking methods becoming more sophisticated with cyber criminals having evolved their techniques from the more traditional routes such as malware, worms or viruses, for which IT defences are designed for. Instead, hackers are looking to new tactics including the hiring of moles or internal spies – such as former or existing employees – to pinpoint weaknesses within the businesses and tap into data in return for a monetary sum or other incentive.
Small businesses a prime target
It is often only global corporations that we hear are experiencing these attacks, with eBay and Domino’s Pizza just two brands to have had personal records held to ransom in 2014. While they certainly create headlines, it is largely SMEs that are most at risk – due in part to a limited awareness as well as insufficient security measures. In fact, a recent survey from Kaspersky Lab, revealed that three quarters of SMEs believed their business was too small to be of interest to cyber criminals with just under 60% of respondents stating that they thought the data they held would simply not be of interest. And yet an attack can have devastating consequences on a business, damaging its reputation and causing customers to undergo a serious crisis of confidence.
Prevention, not cure
A number of these attacks are successful due to outdated systems and processes. It’s easy for businesses to slip in to a ‘fit and forget’ culture whereby security defences – including anti-virus software, software patches and firewalls – are installed but neglected soon after. This includes the need to make regular checks and ensure that software remains up-to-date. By sidestepping this, businesses are finding themselves with a number of legacy processes that are simply not sufficient to protect against modern threats.
Ransomware programmes are becoming more readily available as an easily downloadable online kit, which means that the number of amateur cyber criminals are increasing as hackers become more confident in their technological capability. It’s likely that businesses not carrying out regular tests on their protection measures may have already been compromised. As such, it is critical that organisations regularly check the three core pillars of defence; anti-virus software, software patches and firewall.
Communicating the danger to employees
For smaller businesses, which may not have a dedicated IT department, it’s important to educate staff about the possible ways the business can be subjected to an attack. It may be something as simple as clicking on an infected pop-up or visiting an infected site. Similarly, it’s important to be aware of any remote access that a business or individual may have to your device, including any visitors to the building that may be using a USB port to download a presentation for example.
There’s little point in maintaining technology if staff are only going to disable it in order to gain access to a site that is being flagged as potentially dangerous. In promoting the danger of possible threats from the inside out, businesses can create a ‘think twice’ mentality that goes some way in reducing their vulnerability.
It’s important to remember that holding corporate data to ransom is no longer just a concern for big businesses, as criminals are no longer afraid to invest heavily to get what they want. For smaller businesses, it may seem difficult to justify investment in security defences for an attack that hasn’t yet happened, but companies often do not know that they’ve already encountered a software attack. To prevent against this, it’s crucial that businesses invest in security technology that is regularly checked and kept up to date. In doing so, we can create a culture that is prevention, not cure.