It may make harsh reading but Philpott was actually simply confirming what most in the security industry will tell you – that SMEs rarely have clear, watertight security processes in place and this presents a rather inviting opportunity to hackers.

SMEs are an absolutely vital part of the UK economy, accounting for 99.9 per cent of all private sector businesses at the start of 2015, with a total employment figure of 15.6m people. The combined annual turnover of SMEs was £1.8tn, which accounted for 47 per cent of all private sector turnover in the UK. This is hugely positive and has been a significant factor in the nation’s economic recovery. However, that success is also why the security problem is so serious and needs to be addressed.

It isn’t that SMEs are over-confident or ignorant of the threat of cybercrime. They read the papers too and they too see the likes of TalkTalk and Sony suffering the reputational and financial impact of an attack. But this is part of the problem. The majority of SMEs suffer from a crippling inferiority complex – believing they are not at risk because they are not big or important enough to be a target to hackers. They are wrong.

Millions of consumers share their data with SMEs every day and most large companies work with SMEs in their supply chain. This makes them a very attractive proposition to criminals looking to get hold of valuable data – whether corporate or personal. Aside from the value of the data they hold, there are essentially two core reasons why SMEs are a very attractive target to a hacker:

(1) SMEs don’t tend to have the same level of security in place as larger counterparts. This means they are not only an appealing option to hackers, they are often an easy one.

(2) SMEs are often part of the supply chains of larger companies and could therefore provide hackers with a way in to attack the “big names”.

Be proactive, not reactive

Security is a complex area. Threats are continually evolving, with cyber criminals increasingly intelligent in their approach to beating defences. A good example is the increasingly common Advanced Persistent Threat (APT). This is a network attack in which a cybercriminal gains access to a network and stays there undetected for a long period of time. This is very different to threats of yesteryear, which were all about getting into a system and making a lot of noise and obvious impact to disrupt the user. The intention of an APT attack is to steal data rather than to cause damage to the network or organisation. Generally speaking, APT attacks tend to target organisations in sectors with high-value information, such as national defence, technology or digital businesses and the financial industry.

Mitigating such attacks is very challenging and larger businesses invest in highly complex security systems to protect themselves. SMEs often don’t feel they can afford such investment but the truth is that there are some security measures that can be taken without huge cost.

There are five fundamental security measures every business should have in place. These are: web security with perimeter firewall, application control, network segmentation, IPS (Intrusion Prevention Systems) and email security. If these are put in place, you begin to build a defence with these security pillars as your foundation. As the business grows, further investment can then be made and built on top of this.
David Navin is head of corporate at web security firm Smoothwall.