In spite of the many horror stories we constantly read about regarding cyber-attacks and cyber-crime, it would appear that many smaller businesses remain unaffected by the concerns that are worrying the rest of us. This apparent lack of concern is understandable, as they mistakenly believe that most cyber-attacks are directed at larger institutions and organisations like governments, institutions, banks and multi-national companies. They do not believe they will be the next hacking victims in this long list, as they feel they have nothing of value for the cyber-attackers to steal or exploit. Besides which, they have Firewalls and anti-virus software packages in place to monitor their systems and protect their assets, so what do they have to fear? Well, if they have even the remotest trust in statistics and probability, the answer is plenty. Size is immaterial in the world of cyber-criminality: vulnerability is the issue. If a business is an easy target, then size is not important.
Hacking and cyber-criminality are a major threat across all sectors of the economy. The problem is so severe that the government has even set up its own dedicated cyber threat unit. The latest available government figures show that 81 per cent of large organisations and 60 percent of smaller businesses have suffered a cyber-breach in the last 12 months alone. The estimated cost of one of these breaches was £500,000, but the overall cost in terms of reputational damage, and the loss of intellectual property and customer data was considerably higher. Many of those businesses remained blissfully aware of the attack: they were only informed when the breach was discovered by a third party. In fact the same government statistics claim that the average delay between cyber-breach and discovery is 229 days. In that time hackers are free to exploit business assets and gain the maximum traction.
How can your business tell if it’s been attacked?
Well, there are no hard and fast rules, but you should be able to make a calculated guess if one or all of these issues starts to affect your business:
• Your customers are prevented from using your services by technical issues (just think of the problems encountered by online bank account users over the last 12 months for evidence of this)
• Your direct market competitors mysteriously start launching products and services which are uncannily similar to the ones you were about to offer customers
• You receive an alert from a network monitoring server, or
• A third part informs you of the breach.
If any of these issues starts to affect your business, then unfortunately you’ve already lost. The wiser strategy is prevention and detecting the threat before it has the chance to do damage. However, if one or more of these issues does affect your business, then you should take action as soon as possible. Cyber-attacks are now incredibly sophisticated and can move rapidly, deleting evidence of their criminality as they delve deeper into business resources and assets.
What should you do if your business suffers a cyber-attack?
The obvious answer is to contact a security professional as soon as possible. They will be able to verify the nature, extent and potential impact of the threat, block the attacker’s means of exit, address any identified security vulnerabilities and collect and process critical evidence and data associated with the attack.
Whether we choose to accept the fact or not, cyber-threat is an issue from which we are all at threat. We can no longer bury our heads in the sand and hope the problem will pass us by: we have to take action and address our security vulnerabilities before others exploit them.
If you are concerned about the escalating security challenges facing businesses today and would like to take precautions, then why not speak to Krypsys? Krypsys’ services are focused on helping you assess your security posture against current and evolving security threats and educating you on the risks to which you are exposed. We have a wealth of experience in security projects in both the public and private sectors and have worked with organisations to protect high value information assets such as trading platforms, e-commerce systems, data-centres and cloud services. We also work with leading IT security vendors and specialist consultancies to close the gaps in your own IT security strategy and to assist in streamlining and prioritising your risk management spending.
Whether you’re looking for help with penetration testing and security reviews, or are looking for advice on security compliance and web security solutions, Krypsys can help you. For more information on web security solutions from Barracuda Networks, Check Point, Alien Vault and Netwrix, please contact Krypsys on 0845 474 3031 or [email protected].