Why Cyber-Attacks Should Be Such a Concern to SMEs
Over the last five years, the psyche of the cyber-criminal has changed. Traditionally, cyber-attacks have targeted the rich pickings on offer at large multinational corporations, but hackers have now developed the ability to weaponise the dual technologies of artificial intelligence (AI) and machine learning. This allows them to unleash automated waves of cyber-attacks en masse, which are specifically tailored to exploit the lower-hanging fruit of small- and medium-sized enterprises (SMEs) with minimal effort.
This worrying trend is reflected in the statistics. The UK Government Cyber Security Breaches Survey 2018 showed that close to 50% of businesses have experienced a cyber security breach or attack in the last 12 months, yet worryingly only 27% have a formal cyber security policy or policies in place. Clearly, cyber-security should be high on any business owner’s agenda – but it’s not. So, we must ask ourselves, why?
Like Spinning Plates
By their very definition, SMEs are often limited in their resources. This means they often can’t employ staff skilled in cyber-security or afford the resources to provide requisite training, and they are reluctant to invest substantial amounts of money in shoring up their defences through software. With so many other plates to keep spinning at the same time, it can often be a straight shoot-out between investing in cyber-security and other important costs, and spending on cyber-security does not get the focus it should, which can end up being a costly mistake in itself.
For our part, the industry doesn’t seem to make things easier. Far too often, security specialists exacerbate the situation by creating solutions and services that are too big, too complicated and, above all, too expensive. This not only puts even more pressure on an already overwrought situation, but also creates confusion and frustration around the issue, deterring SMEs from properly engaging with it. This results in little or no action being taken at all, which can be catastrophic in the event that an attack does take place.
Fail To Prepare...
We’ve seen repeatedly the reputational and financial costs of attacks, in many cases reaching the tens of thousands or more. While these figures might be small fry in comparison to the fortunes on offer from targeting corporations, they are enough to hamstring and even bankrupt SMEs. What’s more, SMEs generally have little in the way of contingency plans in place, meaning they’re more likely to pay up. This is just another reason why they’re increasingly popular targets for unscrupulous hackers.
The problem only becomes trickier when companies sideline it. It has been well documented that many attacks originate from weak password security practices. Similarly, a lack of process surrounding updates and patching software (the very culprit which caused the WannaCry scandal) and poor awareness of phishing email scams open the back door to hackers and attackers. Failing to prepare is, in this case, almost like preparing to fold.
Education Not Speculation
While budgetary and staffing concerns are an understandable reason for SMEs to let cyber security take a lesser priority than it should, the good news is that a significant financial outlay isn’t always necessary to reduce the risk of falling prey to the next ransomware outbreak or malware epidemic. Instead, SMEs are more in need of guidance from industry experts than expensive tools from overpriced security vendors. Simple measures to educate employees on basic security protocols (such as password strength/policy, spotting malicious emails, regular patching and fail-safes, etc.) can strengthen the weakest links considerably. At the same time, having a robust contingency plan in place, including back-ups and archives of all sensitive information, is also key to bouncing back if disaster does strike.
At Quorum Cyber, we believe in working with you to mitigate cyber-security threats and strengthen your company’s own innate defences, rather than peddling overly complicated sales packages. We believe in ‘just enough’ security; in other words, the right amount of expenditure and coverage for your business. We believe the best question you can ask yourself is: what is the best thing you can spend your budget on to get a clearer view of your risk landscape and how it can be mitigated? Our Security Health Check does exactly that. We conduct an in-depth review of your organisation’s ‘as-is’ security maturity, measuring the security posture against a standard that is right for you.
To learn more about any of our services and how we can help, get in touch with Quorum Cyber today and we’ll be happy to talk you through your options.