Big hacks may make the headlines, but no one is too small to be safe. Maintel’s Jean-Frederic Karcher recommends the best steps to take to protect your business.
Quite literally, every day someone gets hacked!
Whether that's a telecommunications company having its customer data stolen, or another big US retail chain being ripped off for all the credit cards it processes, today one hack just seems to blend into the next one. But hacking doesn’t just affect the big players; everyone has to be equally wary and alert.
Over the last month (May 2016), we've seen quite a few infamous data breaches, including four leaks affecting many millions of people that were made public: LinkedIn (167 million), MySpace (360 million), Tumblr (50 million) and the dating website fling.com (40 million). And now that stolen data is all on sale on the darknet, and for a substantial amount of anonymous bitcoins!
So, you thought you were too small to be a target for hackers? Well, think again…
June has also been an interesting month, with several data dumps from previous breaches also posted online, highlighting the dangers for businesses of any size. Now, if most of us had good password policy in mind (and we all used unique passwords for every online account we have), this wouldn’t be much of an issue. But we all know that password re-use is unfortunately all too common these days! So my best advice here is to change your passwords NOW, make them different and make them unique… and without any further delay ;-).
Retail fraud (i.e. fraud committed against retailers) has risen significantly in the last few months. On the leader board for cybercrime, this sector is on the top step of the podium for online crime reported in the past 12 months, likely due to the Christmas and winter sale period.
So, with these highlights in mind, I think we all agree that hacking isn’t a hobby anymore - it has now become a full-blown “mainstream” (criminal) industry. The worldwide cybersecurity market was about $75 billion in 2015 and is expected to grow to $170 billion by 2020, according to market research firm Cybersecurity Ventures (Q2 2016). Cybersecurity attacks cost businesses $400 billion to $500 billion a year (*). From a UK perspective, businesses reported losses of £1+ billion in the past year, up 22% compared to last year, according to figures released by Get Safe Online and the UK’s national fraud and cybercrime reporting centre Action Fraud (June 2016).
According to new analysis from the Federation of Small Businesses (Cyber Resilience: How to Protect Small Firms in the Digital Economy - June 2016), small firms in the UK collectively fall victim to cybercrime seven million times per year. And this despite 93% of small firms having taken steps to protect their business from cyber threats. Simply put, those measures have proven inadequate: 66% of small businesses have been a victim of cybercrime. These businesses suffer an average of four cybercrimes every two years at a cost of nearly £3,000. Phishing (49%), spear phishing (37%) and malware (29%) attacks are the most frequently reported methods.
The Government’s Cyber Governance Health Check also found that:
- Only 1/3 of the UK’s top 350 businesses understand the threat of a cyber attack
- Only 1/5 of businesses have a clear view of the dangers of sharing information with third parties
- Many firms are, however, getting better at managing cyber risks, with almost 2/3 now describing their approach to cyber security in their annual report.
And the Government is consistently encouraging all firms to take action such as:
- 10 Steps to Cyber Security, providing advice to large businesses and,
- The Cyber Essentials scheme, available to all UK firms.
Small and mid-sized businesses often make a strategic mistake by assuming that they are too small to be of interest to hackers or targeted by them. Right now though, a lot of the challenges come about from how enterprises are connected and need to be visible in their marketplace to do profitable business. Many companies do not understand how cyber criminals leverage social tools and technologies to gain access to businesses and their data or employees.
I can assure you that cyber attackers believe in equal opportunity for targets. Criminals are mainly seeking an easier way to make money, and they need to have a very high return on their investment. Therefore, I often recommend that businesses create layered security controls, as an evolution of conventional perimeter-based defences. A firewall-only policy is not enough anymore!
So to cut a long story short, the best advice is to make yourself expensive to hack, and increase the cost to the attackers!
(*) Meanwhile, more than 209,000 cyber security jobs were left unfilled in 2015…