Cyber Crime has often been thought of as activity which only impacts the largest organisations in the world. We’re regularly hearing of data breaches affecting some of the most well-known online companies in their respective markets.
Some of the most notable breaches in recent years include Yahoo in 2013-14 when three billion user accounts were compromised; eBay in 2014 with 145 million accounts; Uber in 2016 with 57 million users; Sony PlayStation Network in 2011 with 77 million accounts hacked, and the list goes on. In each case, compromised data included the personal details of each one of its users, anything from email addresses and passwords to credit card numbers and home addresses.
According to this McAfee report, in 2017 the global cost of Cyber Crime reached an estimated $600 billion, or 0.8% of global GDP. This is a huge increase from previous years and there are no signs of it slowing down.
There are several key reasons for this unprecedent growth in criminal activity, including:
- The monetisation of stolen data has become less difficult because of improvements in cybercrime black markets and the use of digital currencies (such as Bitcoin)
- Stolen data is offered for sale with relative ease on the dark web
- Digital currency makes payments easier and harder to trace
My business isn’t a global entity with millions of customers, does that mean I’m safe?
The short answer is no. Unfortunately, the myth that SMEs are less likely to be targeted is unfounded, but often perpetuated, nonetheless. This is just one reason why SMEs are indeed more vulnerable to attack than their larger counterparts – a lax attitude towards security fosters a relaxed approach to cyber security. The meteoric rise in ransomware within the SME market should offer enough evidence that there is a very real threat, and that attacks are happening right now.
According to the Government Cyber Security Breaches Survey
- Over four in 10 businesses (43%) and two in 10 charities (19%) experienced a cyber security breach or attack in the last 12 months.
- Under three in 10 businesses (27%, versus 33% in the previous 2017 survey), and two in 10 charities (21%) have a formal cyber security policy or policies.
Similarly, KPMG published a survey which highlights the following:
- 63% of surveyed SMEs had experienced a breach, and over half of those were in the last year.
- Only half of surveyed SMEs used security software such as anti-virus and only 52% have a strong password policy and regularly update software.
- 11% surveyed admit that they haven’t taken any steps to protect their data.
One of the first conclusions to dismiss, then, is the idea that SMEs are not as vulnerable, or less likely to be victims of a breach – this is simply not true, and in fact, the opposite is true. As IT support providers, we see evidence of this everyday. Our MD Andrew explains more about the sort of threats we see, here: https://resolve.co.uk/reasons-why-cyber-security-should-be-top-of-the-agenda. The next question to address is why are SMEs at such risk?
Why are SMEs at such risk?
Economies of scale plays a large part here; 20 out of date computers in a single business do not offer particularly lucrative rewards, 2,000 out of date computers in 100 organisations certainly do. The same malicious software can be deployed to many networks within minutes.
As mentioned before, the misleading idea that SMEs are less likely to fall victim to a breach should be one of the main concerns. In adopting this attitude, there is less concern for cyber security and so less resource on offer to tackle the issue.
In many cases, SMEs simply don’t have the resources available, even with the best intentions. Where larger organisations will outsource IT to security consultants, or bring them inhouse, this doesn’t tend to be something that SMEs can do. Additionally, larger organisations have clearly defined Cyber Security policies, including scheduled activities which ensure best practices are met.
Reporting of breaches plays another role here; there are many breaches that take place that simply go unreported. The source of the breach is much less likely to be investigated as they don’t carry the high-profile nature of mainstream newsworthy incidents. We know of plenty of SMEs that have suffered a breach, but they have not made headline news, so surrounding SMEs are none the wiser.
So, what is the impact of not addressing the risks?
According to KPMG, 94% of procurement managers say that cyber security standards are important when awarding a project to an SME supplier and 86% would consider removing a supplier from their roster due to a breach.
Similarly, 89% of the small businesses surveyed who have experienced a breach said it impacted on their reputation. Those who experienced a breach said the attack led to: 31% brand damage, 30% loss of clients and 29% quality of service is also a risk. Those surveyed who experienced a cyber breach found it impacted the business’s ability to operate and caused delays with 26% of their customers. In addition, they saw a decrease in winning new business by 29%.
With the GDPR now in full force, data breach incidents now pose a serious threat to businesses with fines substantial enough to close an SME down.
The threat is clear, and I understand the risks, what can Resolve do to help?
It’s important to flag up that outsourcing your IT is a good step in the right direction, but the key here is that they are doing the right things, at the right time. At Resolve, we have spent a lot of time in research and development to provide a giant leap forward in securing your business from cyber threats. Based on over 14 years of experience in supporting SMEs and being closely involved in the industry and some key partners – including SonicWall, Microsoft and ESET – we are in an ideal position to be able to help.
Our Managed Cyber Security Service offers our clients a fully managed service, capturing the most important elements of cyber security. Using tools and technologies from some of the industry leaders in security innovation, we can deliver an "all in one" solution which covers best practices as well as advanced network scanning and reporting, and updating systems and software where necessary, to ensure we have all areas covered. The service includes monthly vulnerability scans of your website, your internet facing public IP addresses and your entire internal network. Any issues identified are quickly resolved by our team.
We will certify your organisation with the Government Cyber Essentials scheme, which demonstrates to your customers and suppliers that you take cyber security seriously. Finally, we provide you with full reporting on our activities, which gives you an insight into the state of your cyber security, both before and after working with us.
In today’s rapidly changing technology environment, businesses can’t afford to take a reactive approach to security any longer. The threat of a security breach is so great and those who choose to ignore it will be caught out – it’s not a matter of if, but a matter of when.
If you’d be interested in finding out how we can help you, complete the box below.