Business Technology

Published

SMEs aren’t exempt from the wrath of cyber criminals

7 Mins

According to the report, the struggle to constrain the operational space of attackers is the biggest challenge facing businesses and threatens the underlying foundation required for digital transformation. It echoes recent research from Bottomline Technologies, which claimed 53 per cent of SMEs have been impacted by financial fraud and were weary of the digital space.

The MCR explained that ransomware was the most profitable malware type in history, with the trend expected to soon include destructive versions that could spread by itself and hold entire networks, and therefore companies, hostage. That being said, it was revealed that a lack of formal processes to install security updates, the absence of a dedicated security teams, as well as lengthy time to detect attackers are expanding the threat surface and fuelling vulnerabilities.

“It is crucial that businesses find a balance between the opportunity posed by the digital space and the benefits to customers and ultimately revenue, and ensure that a business is protected across every access point, before during and after an attack,” it said.

On the matter, Laila Khudairi, head of cyber at Lloyd’s, exclaimed: “The fact that ransomware is set to evolve over the next few years is hardly a surprise. The media regularly reminds us how even some of the biggest organisations can be disrupted by ransom events and clearly more needs to be done to combat this rapidly growing threat.”

What’s more alarming, she suggested, was that numerous firms – SMEs in particular – are unprepared for the impact such events can have on balance sheets.

“So while a robust security programme is vital to improve every-day practises, it’s equally important for security teams to work with cyber insurers to get a full understanding of the types of risk their organisation is vulnerable to,” Khudairi said. This will allow businesses to protect the bottom-line whilst minimising the associated costs of a cyber-event including legal liability costs, regulatory fines and reputational harm.

Read more on cyber crime:

With the report predicting a new next generation of cyber attacks, it is vital that businesses look seriously at cybersecurity initiatives. This is according to Rob Norris, director of enterprise and cyber security in EMEIA at Fujitsu, who threw in his two cents on the subject. 

“In today’s digital landscape all businesses that use technology are at risk no matter the size,” he said. “The truth is that many bosses don’t see their firms as ‘high value targets’ for attackers and it’s likely that they have very minimal protection or staff training and awareness because of it.” 

In fact, SMEs are fast becoming a favoured target of cyber criminals, he added – and such firms are almost always unprepared. “Many malicious actors will consider these businesses as easy targets and will look to hold organisations to ransom through a ‘soft attack’ that compromises its data.”

There’s actual proof that SMEs aren’t exempt from cyber crime, as was highlighted by Toni Allen, UK head of client propositions at the British Standards Institute, who said one of the latest “Government Security Breaches Surveys” found that 74 per cent of small firms reported a security breach in the last year – an increase on the 2013 and 2014 survey.

“To combat this, it’s vital organisations take a proactive approach when it comes to security,” said Norris. “Organisations need to focus on the integration of threat intelligence and other information sources to provide the context necessary to deal with today’s advanced cyber threats. We’re only going to see more types of attacks – as highlighted in our cyber threats report – so it’s important that businesses get this right.”

Similarly, Richard Brown, director EMEA channels an alliances at Arbor Networks, had some advice to offer. 

“The report highlights the expanding focus of attackers and evolving attack methods organisations are now being hit with,” he said. “It once again reminds us how important it is to be prepared and have the right processes and people in place. Cyber criminals continue to be incredibly innovative, and more often than not have access to the same defensive tech as the networks they are attacking, so it is imperative for firms to leverage their human security resources to proactively identify threats. This is key to decreasing time to detection, and can be the difference between stopping an attack in its tracks or sacrificing valuable data.

“The ease with which criminals can launch crippling attacks is only increasing, as hackers open up the source code for others to use. The more hackers that have access to this kind of information, the more varied attacks we will see and because of this, a proactive posture is the only way for an organisation to combat this risk.”

Image: Shutterstock

Security expert Emma Philpott has said: “There’s a lot of great talk, but most SMEs do nothing about cyber security. It’s shocking.” Is your business among those Philpott is referring to?

Share this story

Planning your personal exit is as important as that of your business
Into the mind of Sam Allardyce: Could the safe bet be the best bet?
Send this to a friend