Cyber security for businesses in 2021
Advances in security technology have seen the ever-growing sophistication for the ways in which businesses can effectively protect themselves from cyber security threats. While security technology is improving, so are the techniques, processes, and software used by criminals to target small and large businesses alike.
As a result, high proportions of businesses within the UK continue to suffer from data breaches each year, with around half of all businesses in 2020 reportedly suffering a data breach – risking the release of sensitive company information, private client information, or Intellectual property. This sees cyber-crime costing businesses in the UK £87 million over the
past six years.
with one small business in the UK suffering from a hacking incident every 19 seconds!
What are the most common cyber-attacks targeting businesses?
Some security threats aim to pose inconvenience for businesses costing time, although most modern attacks tend to be guided by the desire of criminals to steal sensitive company data, to obtain private financial information or to hold the businesses’ data to ransom. These attacks include phishing and spear phishing, ransomware and direct data breaches.
Phishing and Spear Phishing
Phishing attacks are familiar to most businesses and range from run of the mill email scams, which we are all now familiar with, through to sophisticated schemes to gain access to a businesses’ network. These attacks typically target businesses with the purpose of infecting their infrastructure with malware or other nefarious software in order to gain access to their sensitive data.
Spear Phishing attacks increase in sophistication, with the attackers making contact with, learning about or impersonating the potential victim to build trust before moving on to attack the businesses’ cyber infrastructure.
Ransomware is becoming continually more common and sophisticated. These attacks involve the install of malware onto a businesses’ network or computers. This software then encrypts all data it finds, effectively leaving the business without access to mission critical information. A promise is made by the software to unlock the encrypted files if a payment is made, usually requiring the payment to be made in Bitcoin to other Cryptocurrencies. The data may or may not be returned to its original state if the ransom is paid.
Access to company data is typically the end goal for most cyber attackers, with the view of on-selling or leaking the data online for use by other criminals. A data breach is the most serious consequence of inadequate business cyber security, leaving the businesses’ reputation at risk and its customer’s privacy compromised. In the UK it is a requirement for any breach to be reported to the Information Commissioner’s Office within 72 hours of the breach being detected.
What are the consequences of inadequate cyber security?
With these being some of the methods used by modern cyber criminals, what are the implications of cybercrimes upon business?
These consequences range from mere inconvenience but could also range to possible fines from government bodies, the need for costly forensic investigations, loss of trust by current and potential customers, reputational damage and operational interruption.
Together the continued threat of increasingly sophisticated cyber-attacks and the serious consequence of a data breach calls the need for businesses of all sizes to take these threats seriously by investing in safeguards against such attacks.