Cyber attacks are rising dramatically. A recent report by Hiscox unearths a concerning trend: the number of overall businesses who have suffered at least one cyber attack in a year has steadily increased every year for the past four years, with 53% of businesses suffering a cyber attack, up from 48% the previous year.
The proportion of small businesses with fewer than 10 employees becoming victims of a cyber attack has also increased over the same time period from 23% to 36%.
According to the report, the favourite entry point for hackers is business email compromise as mentioned by 35% of targeted companies.
This represents a massive risk to small and medium businesses and it’s imperative that businesses protect themselves, their assets and their clients from increasingly advanced cyber attacks.
The damage from these attacks can be long-lasting but isn’t just limited to financial and reputational. A cyber attack can compromise the viability of your business. In fact, in a report from The Office of Cyber Security and Information Assurance in the cabinet office the cost of cyber crime to UK businesses per annum is an estimated £21bn from IP theft, industrial espionage and extortion targeted at UK businesses.
In today’s climate, a cyber attack is no longer a case of ‘if’ but ‘when’ so it’s critical that your people are prepared.
The risks to small businesses
Phishing is one of the most common forms of cyber attack and the most effective. A cleverly designed email or message is sent, which looks authentic. When the recipient clicks on a link in the email it captures users’ data, which is then used to commit online fraud. Often, links in these messages can create a gateway for malware too, meaning that users can become locked out of their systems and are instructed to pay a ransom to regain access.
All of this sounds terrifying, right? Well it certainly can be if it gets this far. You may think that you know exactly what to look out for, and perhaps your IT manager knows too. But can you be sure that all of your staff are equally well equipped to spot emails like this? All it takes is one person clicking a malicious link and it could bring your entire business to its knees.
Other common cyber attacks on small businesses include remote access attacks, which is when attackers will attempt to gain access to a device or system in order to steal personal data, passwords or financial information. Another particularly concerning, and common threat is ransomware, when malicious software (malware) is used in order to extort money. In fact, the aforementioned Hiscox report states that one of the principal routes for ransoms is via a phishing attack.
Staying alert and being prepared
The ways in which cyber attackers operate are becoming increasingly sophisticated and it can often be hard to spot fraudulent emails and messages.
That’s why it’s so important to ensure that your staff are up to date with training and awareness so they know what to look out for, what steps to take if they discover an attempted attack and what to do if your business does indeed fall victim to an attack.
Creating a culture of cyber resilience in your business is the best defence against cyber attacks. Empowering your people to identify liabilities and stop potential attacks could ultimately reduce the risk that your business will face data loss, financial fraud or reputational damage. Can you afford not to?
