Cyber security is arguably the most challenging issue facing companies today. According to a new governmental report on cyber security breaches for 2017, businesses are increasingly looking to websites, social media pages and the use of cloud services, meaning that companies need to ensure these platforms and services are kept secure and managed effectively.
Although the majority of businesses have spent money on cybersecurity, it’s notable that a significant proportion of businesses do not have adequate basic cyber security protection. Only 37 per cent have segregated wireless networks or any rules around encryption of personal data. With nearly half of all businesses experiencing a breach in the past twelve months, access to personal data and a wireless router hack could cost a company huge financial and reputational damage.
What was a key concern from the report was that SMEs’ and micro firms’ lack of awareness of cyber security initiatives and standards in the report. SMEs need to realise that they are an absolutely vital part of the UK economy and business infrastructure, making 99.3 per cent of all private sector businesses at the start of last year, with a total employment figure of 15.7 million. The combined annual turnover of SMEs was £1.8 trillion, which accounted for 47 per cent of all private sector turnover in the UK. This is hugely positive and has been a significant factor in the nation’s economic recovery. However that success is also why the security problem is so serious and needs to be addressed.
While larger organisations view cyber security nowadays as an essential, the majority of SMEs suffer from a crippling inferiority complex – believing they are not at risk because they are not big or important enough to be a target to hackers. Data is now fast becoming the new economy, which makes SMEs are particularly vulnerable as millions of consumers share their data with SMEs every day. This makes them a very attractive proposition to criminals looking to get hold of valuable data – whether corporate or personal.
Setting up fundamental security
SMEs also find themselves a target as and most large companies work with SMEs in their supply chain, as they are often part of a supply chain and provide a gateway in to bigger organisations and tend not to have the same level of security as their larger counterparts. Not only does this mean that they are an attractive option to hackers, they are often an easy one.
With threats continuing to evolve on a daily basis and becoming an ever increasingly complex area, with cyber criminals becoming all the time more intelligent in their approach to beating defences.
Advanced Persistent Threat (APT) is a good example that is becoming ever more common. This network attack provides a cybercriminal access to a network and can stay in there undetected for a long period of time. This is very different to threats of yesteryear which were all about getting into a system and making a lot of noise and obvious impact to disrupt the user – nowadays they are much more stealthy and sit their patiently as their intention is to steal data rather than cause damage to the network or business.
Defending against and mitigating such attacks is very challenging and larger businesses invest in highly complex security systems to protect themselves. It is often the case that SMEs don’t feel they can afford such investment but the truth is that there are some security measures that can be taken without huge cost.
All businesses, no matter how big or small need five fundamental security measures in place. They need to stay with web security with perimeter firewall, application control, network segmentation, IPS (Intrusion Prevention Systems) and email security. If these are put in place, you begin to build a defence with these security pillars as your foundation. As the business grows, further investment can be then made and built on top of this.
It is vital that SMEs have these security measures in place as it is not only themselves that they need to think about. Cyber hackers may attack a SME not to gain access to their customer or corporate data – but with a whole other agenda in mind.
Cyber crime is here to stay
With many SMEs working with other partners and as part of a supply chain for larger organisations to help provide the best solutions to their customers. For instance, an international IT services company may provide a managed service, but the likelihood is some of the solutions within that will be provided by their partner, which will usually be a SME.
Hackers are aware that SMEs will typically have less vigorous security measures in place than the larger businesses and so are an easier target and can use the SME to access the systems of big-name larger brands. This may well be the most damaging threat to a SME. Not only is the SMEs data at risk, but if found to be the weak link in a large organisation’s security defence, there is the likelihood that partner and the hundreds of customers that come with them. The reputational and financial damage that will do could be catastrophic to a small business.
Cybercrime is not an issue that is going to disappear anytime soon; we’ve seen it disrupt businesses, healthcare systems and even elections. Therefore, building layered security defences spanning encryption, firewalls, web filtering and ongoing threat monitoring is paramount to ensuring a company has a robust cyber defence strategy to counteract threat actors. In a war between business security and hackers, don’t bring a sword to a gunfight.
David Navin, Corporate Security Specialist at Smoothwall
Image Credit: Maksim Kabakou / Shutterstock