Larger organisations are often in the news as victims of cyber crime. We saw NHS hospitals taken offline by WannaCry last year, and we have seen how a presidential election can be sabotaged with email hacking. What about smaller businesses?
The Hiscox 2018 Cyber Readiness Report was published this month, and 4100 organisations from the UK, US, Germany, Spain and The Netherlands were tested and evaluated as part of the report. 7 out of 10 organisations were found to have failed to reach the passing grade.
Inside the report, the data showed that if you are a company of 1-19 staff, there is a 23% risk you will be targeted by hackers. If you are a 250+ staff company, the number leaps to 55%, and for those with 500+ staff, the number averages around 70%.
You may be thinking "Well yeah, that is obvious! Of course the bad guys will go after the bigger targets", but the bulk of businesses hit by cyber crime were not the main target to begin with.
The WannaCry cyber attack affected 150 countries and over 230,000 devices. The hackers behind the attack first used WannaCry on the 10th of February 2017 against a single company. After acquiring a copy of a stolen NSA cyber-tool, the hackers let the virus loose globally in May 2017 with devastating results for companies, government bodies and the UK NHS.
The average cost for a small business is between £2k and £500k after a cyber attack. Cyber criminals are spending more time and effort targeting large groups of businesses and scooping up as many as they can in a single strike. All it takes is for a member of staff to click on a bad attachment in an email and your business is compromised.
As 73% of organisations are unprepared for a cyber attack today, what can small businesses do?
Do not spend money on technology solutions alone.
"The Hiscox view
Spending on technology is often the easy part. To be effective, you have to move on all fronts together. That means people, processes and technology. Simply spending on technology is not enough without a fully structured, rigorous set of processes combined with people who are fully aware of the issues. It is especially disappointing that so few people appear to simulate a cyber attack and practise what to do when their systems go down."
There are cyber security products which have been sold into businesses, and the same businesses will still suffer a cyber attack after spending the money on a solution. Consider the following suggestions instead.
- If you have IT staff in-house, when was the last time you invested in training for them? If there is a cyber incident, how quickly can the business get back up and running? Is there a plan and process?
- For employees in the business, have they been taught security-101? Are they being responsible with data and doing their best to keep it secure? Are they accidentally letting the bad guys in?
- Have you considered cyber insurance? Remember that if you are found not to have done your part, the insurer may not pay out.
The GDPR clock is ticking for cyber-security
When GDPR comes into effect in May 2018, if personal data on individuals is stolen in a cyber breach, fines of up to eighteen million pounds may be issued to the business if it has not done enough to safeguard the data.
Next steps for help
We help a number of businesses with their cyber-security concerns, from a one-off anti-hacker test to ongoing defence of their business and data.