Cybercrime and SME’s – why your business could be next



What do the terms ‘malware’ and ‘ransomware’ mean to you? Probably not very much given that they sound more like plot lines from an Ian Flemming novel rather than very real threats to the stability and viability of our businesses.

However, they are likely to become as familiar to small business owners as ‘profit’ and ‘invoice’ are to us now.

Why? Well according to recent government figures, some 53 per cent of SMEs were the targets of cyber crime in 2023. And ransomware (which is a type of malware) is the preferred method of attack used by cyber criminals. These figures are likely to be an underestimate as many SMEs prefer to ‘pay-up’ and say nothing rather than draw unwelcome attention to themselves.

Ransomware is a particularly vicious kind of cyber-attack where a piece of malicious software infiltrates a company’s IT network and renders it inaccessible until a ransom demand is paid.

So why should SMEs in particular be concerned about cyber-attacks? Many SMEs believe that they are too small or too niche to be attractive to ransomware criminals. That attitude is exactly why SMEs can find themselves in the crosshairs.

SMEs are easy picking for cyber criminals as they frequently have the weakest anti-virus software installed. Off-the-shelf antivirus protection packages are no match against sophisticated cyber criminals who will simply brush aside virus protection software. It’s like throwing a cup of water on a house-fire. Also, cyber criminals could well be targeting larger companies along your supply chain.

Small businesses find themselves victims of ransomware, not because they have been individually targeted by a criminal, but because of simple human error.

Believing that they are unlikely to fall victims to a cyber-attack, the majority of SMEs fail to adequately inform and educate staff about cybercrime and what to look out for, particularly with regard to ‘phishing’ assaults. This is where a perfectly normal looking email – perhaps from a supplier or government agency – is opened and instead of being legitimate, it is laced with ransomware and once unleashed onto an SMEs computer network it wreaks havoc.

Without comprehensive protection, and staff training too many SMEs will panic and simply give-in to a ransomware demand, hoping that cyber criminals will be honest enough to release the crucial data they have ring-fenced and encrypted – like bank account details or customer account information.

Why would a cyber criminal kill the goose that has just started to lay golden eggs?

One small business we know fell victim to a devastating ransomware assault. A member of staff at a dental practice in the Midlands received what looked like an invoice from a supplier. It wasn’t. Once opened, ransomware was released  and the practice was unable to access patient records, appointment details and billing information. Then the demands for payment appeared.  If they refused to pay, the data could be destroyed, or sold to the highest bidder on the dark web.

Another SME client of ours (well, they are now) watched helpless as, at exactly 08.00am, some 3000 emails left their servers and went to clients and suppliers. There was nothing they could do. A colleague had worked on a home computer at the weekend and saved the work onto a memory stick. Once plugged into the company’s network on Monday morning, the network was flooded with ransomware.

A client was attending a trade exhibition and was on an exhibitor’s chat room. Up popped an advertisement for exhibition furniture. It looked interesting, so they clicked on it to find out more. It was riddled with ransomware, and we were called in to clean up the mess and create the strongest malware identification, isolation and removal package.

These attacks on SMEs inevitably lead to huge disruption, significant cost, loss of business focus, loss of revenue, reputational damage and ultimately bankruptcy. Not to mention the legal consequences and non-compliance issues.

The recent trends toward working remotely, often from home, or storing data in the cloud, accepting on-line payments and conducting business online, all conspire to create a cyber criminal’s playground.

There are several actions that SMEs can take to minimise their exposure to criminality including:

  • Training employees to identify phishing attempts
  • Backing up data and keeping it offline
  • Keeping security patches up to date
  • Having robust anti-spam processes
  • Introducing multi-factor authentication
  • Configuring your firewall to repel invaders…and so on.

If all that sounds a bit overwhelming, then outsource all of it to a cyber security specialist company which has a commercial interest in keeping your business safe.

All the indicators are that 2024 will be the year that SMEs are confronted by wave after wave of catastrophic cyber-attacks. All the signs are there and in the realm of cyber criminality, prevention is far better than cure.





Source link


Like it? Share with your friends!

What's Your Reaction?

hate hate
0
hate
confused confused
0
confused
fail fail
0
fail
fun fun
0
fun
geeky geeky
0
geeky
love love
0
love
lol lol
0
lol
omg omg
0
omg
win win
0
win
Administrator

0 Comments

Your email address will not be published.

Choose A Format
Personality quiz
Series of questions that intends to reveal something about the personality
Trivia quiz
Series of questions with right and wrong answers that intends to check knowledge
Poll
Voting to make decisions or determine opinions
Story
Formatted Text with Embeds and Visuals
List
The Classic Internet Listicles
Countdown
The Classic Internet Countdowns
Open List
Submit your own item and vote up for the best submission
Ranked List
Upvote or downvote to decide the best list item
Meme
Upload your own images to make custom memes
Video
Youtube and Vimeo Embeds
Audio
Soundcloud or Mixcloud Embeds
Image
Photo or GIF
Gif
GIF format