By WatchGuard Technologies With recent news headlines being dominated by big name cybersecurity breaches like Gmail, Xbox and DocuSign you would be forgiven for thinking that hackers prefer to target the big brands. However, the truth is that 43% of cyber-attacks are committed on small businesses with the impact being far more devastating. Three out […]
By WatchGuard Technologies
With recent news headlines being dominated by big name cybersecurity breaches like Gmail, Xbox and DocuSign you would be forgiven for thinking that hackers prefer to target the big brands. However, the truth is that 43% of cyber-attacks are committed on small businesses with the impact being far more devastating. Three out of five companies who suffer a breach actually go out of business within six months of the attack. This can be a result of the cost to restore their systems after an attack, loss of revenue caused by the breach or even as a result of a lack of trust by their customers with their personal data.
In the UK, almost 74% of SMEs were victims of cyber-attacks or a security breach in 2015. Companies like Blackburn based vehicle hire company, MNH Platinum, who fell victim to a virus that encrypted more than 12,000 crucial company files. A ransom of £3000 was demanded in exchange for a decryption key. The result of one member of staff clicking on a link in an innocuous email, the company paid the ransom.
Why pick on the little guy?
Common sense would suggest that the potential rewards of hacking a multinational company like Tesco Bank (November 2016 affecting 40,000 customers) would be far greater than that of a small business. However, the critical difference between the two is vulnerability.
Small businesses are far less likely to have robust cyber security systems with research undertaken by the Ponemon Institute suggesting that only 14% of small businesses rating their ability to mitigate cyber vulnerabilities, risks and attacks as being “highly effective”.
Add to this the simple fact that small businesses are more likely to pay a ransom because they do not have sufficient capital to either ‘ride out’ any down time or to defend against a sophisticated attack and you can see why small businesses are easy, but rich, pickings for cyber criminals.
The First 48 Hours
Preventing a cyber-attack isn’t easy and is an inevitable part of running a business. What is crucial is having adequate defences in place that make your business less vulnerable as well as having a solid first response plan to put in action after a breach has been made.
To prevent hackers accessing your network, you should ensure that:
- Software is kept up to date.
- Files are regularly backed up.
- Bank accounts are enabled with flagging systems to alert you to any unusual activity.
- A robust firewall is in place.
- You consider upgrading security to a unified threat management system.
- You outsource security if you don’t have the in-house expertise.
The first 48 hours after a breach has been identified as the most critical and the success of your recovery from an attack will rely on how prepared you are. Having a well-planned response strategy is key to mitigating the impact of an attack.
Lastly, having a plan in place for the eventuality of being attacked by ransomware can also be crucial. Before you opt to pay, consider the other options you may have such as rebuild recovery, claiming through your Cyber Liability Insurance or accessing free help from the Dutch/Europol site, NoMoreRansom.org