News

Target cyber hack shows how vulnerable smaller businesses are to digital attacks

7 min read

27 February 2015

SMEs are increasingly being targeted by hackers because of their connections to bigger businesses, but still don't understand the risks.

Small and medium-sized enterprises are at greater risk from attack by cyber hackers than larger businesses, say experts, and they should do more to protect themselves. 

Research recently published by Cyber Streetwise, part of the Home Office, reveals that two thirds (66 per cent) of SMEs don’t consider themselves to be vulnerable while less than a fifth (16 per cent) rate increasing cyber security as a top priority.

SMEs are putting a third of revenue at risk due to a lack of basic knowledge. A quarter of small businesses believe that they can’t afford cyber security while one in five says they don’t know where to start finding out more about the issue.

Tim Ryan, executive chairman at UNA, an organisation owned equally by 12 of the UK’s largest independent regional insurance brokers, said that now is the time for companies to assess their vulnerability to cyberattacks and take advantage of risk management solutions. 

He points out that the Data Protection Act 1998 makes businesses responsible for the handling of information relating to individuals. UNA points out that failing to handle this information correctly can lead to claims being made against a business and has highlighted how some insurance policies may provide elements of cyber cover, but most will exclude losses caused by a cyberattack.

“This is a pitfall for so many businesses, particularly smaller ones,” added Ryan. “A separate cyber policy will ensure that your cyber risks are fully catered for and most importantly, will ensure less of an impact on the bottom line of a business.”

With a cyber-insurance policy covering system damage, consequential reputational harm, and system business interruption, which can see a loss of profits for a small business, Ryan is concerned that cyber threats pose a considerable risk to smaller UK companies which could eventually hinder regional economic growth.

He explained: “The key for small businesses is to recognise the role insurers can play in driving improvements in cyber-security risk management. We’ve already seen a commitment from the government to work closer with insurers to help develop the UK’s cyber insurance market. SMEs should now be assessing their vulnerability to cyberattacks and taking advantage of risk management and insurance solutions to mitigate the potential for these events to harm their business.”

Read more about cyber attacks:

Daljit Paul, head of services at Networks First, a managed IT services and network support provider, commented: “SMEs’ lack of awareness of the consequences of their action or inaction has always been one of the biggest issues within cyber security. There are far more companies within the UK that simply don’t know about the threats facing their business, or their own customers, compared to those that do and have technology and services in place to protect them.”

Stories about cyber breaches inevitably focus on large companies such as the recent attack on Sony Pictures, Paul pointed out. “I’d argue that these breaches are, of course, newsworthy, but what it portrays to SMEs is that they’re not necessarily in the firing line. That’s not always the case though. The Target data breach, one of the largest ever cyber security breaches, happened because a third-party SME supplier to the retailer was breached to gain access into Target’s network.”

According to a report produced last year by insurer Zurich, SMEs are increasingly being targeted by hackers because of their connections to bigger businesses. “Cyber risks are becoming significant enough that they can no longer be entrusted solely to the IT professionals,” said the report. “Owners or CEOs of SMEs will have to somehow find time to better understand the technologies upon which their company relies. They must determine how these disruptions could lead them to lose important clients, or even force them into bankruptcy.”

Research quoted by the accountancy body ICAEW reveals that 60 per cent of small businesses suffered a malicious breach in the past year and half of them had a serious incident. The worst breaches disrupted operations for small businesses for an average of seven to ten days. The ICAEW publishes help and advice to SMEs to help them counter this.

Daljit Paul offers steps to securing your business and that of your customers and partners:

  • Lock your doors and windows – that is to say, invest in technology such as firewalls and intrusion prevention systems (IPS) to help prevent hackers from breaching your network
  • Keep systems up to date – The key here is to make sure that when patches are released for firewalls, servers, and PCs they are installed
  • User awareness training – This is possibly the single best thing you can do to improve the security across your organisation. Regular, short training sessions on topics like strong passwords and phishing can help your employees become security advocates themselves
  • User awareness training – I can’t state enough how much this will help!
  • Collaborate and communicate – Collaborating with your supplier network can be a key step in understanding the threats facing your business. Should you detect any abnormal activity whether on your own network or from a supplier then communicating and alerting partners can help stop an attack from spreading further
  • Seek expert help – If you think you’ve been breached or hacked then do not be afraid to approach third party security organisations for help.  They’re experts at what they do and can help you secure any vulnerable systems once an attack has been mitigated

Image: Shutterstock