According to the Cyber Security Breaches Survey, nearly half (43%) of all UK businesses reported cyber security breaches or attacks in the last 12 months. The average cost of these attacks amounted to over £4,000, which can have a substantial effect on a small to medium sized business’s revenue.
In 2015, telecoms giant TalkTalk had its personal details hacked; this resulted in a record fine of £400,000 for the security failings. However, it is not only large companies that need to worry about cyber security.
In 2018, SME Boomerang Video was fined £60,000 for leaving itself vulnerable to hacks. The ICO’s (Information Commissioner’s Office) investigation into Boomerang Video found:
- Boomerang Video failed to carry out regular penetration testing on its website that should have detected errors
- The firm failed to ensure the password for the account on the WordPress section of its website was sufficiently complex
- Boomerang Video had some information stored unencrypted and that which was encrypted could be accessed because it failed to keep the decryption key secure
- Encrypted cardholder details and CVV numbers were held on the web server for longer than necessary
With the implementation of the General Data Protection Regulation (GDPR) in May 2018, businesses now have to report any breaches to the ICO. As a result, fines have dramatically increased, which could also mean the average cost of data breaches rises even further in the coming years. Since the introduction of GDPR, the impact of a data breach can also be greater, with the ICO being able to stop a business from processing data in the future.
Types of cyberattacks
There are many different ways in which cyber criminals can attack businesses, some of the most common attacks include:
- Phishing – phishing is a form of social engineering where a criminal hacker tries to trick the user into clicking a malicious link or downloading an infected attachment or divulging sensitive or confidential information. The attacker does this by posing as a legitimate institution and contacting the target via email, telephone or text message.
- Whaling – also known as whaling phishing, is a specific kind of malicious hacking within the more general category of phishing. The targets of whaling tend to be high-ranking executives or others in powerful positions or job titles. For example, cyber criminals will impersonate a big fish within your organisation, whether that be a Director, Manager, CEO, Finance Director, etc., and ask another member of the organisation, likely in the accounts department, to make or approve a large payment. Because this email looks, for all intents and purposes, like it is coming from the Director, CEO, etc., the employee then approves the payment of a substantial sum of money to what turns out to be the cyber criminal’s own bank account.
- Ransomware – a type of malicious software, or malware, designed to block access to the target’s data until a ransom is paid. Ransomware is typically spread via phishing emails or by visiting an infected website; crypto ransomware is spread through similar methods but has also been spread through social media.
- SQL injection – a code injection technique that could destroy your database. SQL injection usually occurs when you ask a user for input, such as their username/user ID, and instead of a name/ID, the user gives you an SQL statement that you unknowingly run on your database. This type of attack allows the attacker to tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, disclose all data on the system, destroy the data or make it otherwise unavailable, and become an administrator of the database server.
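The SQL injection item above describes user input being run as part of a statement. As an added example (not code from the survey, the ICO or EPX), this Python sketch puts a lookup that pastes the username into the SQL text beside one that binds it as a parameter; the table, the function names and the sample input are all constructed for illustration.

```python
import sqlite3

# Constructed sample input: text that is not a username but an SQL fragment.
CONSTRUCTED_INPUT = "x' OR '1'='1"


def make_db():
    """Build an in-memory database with three constructed accounts."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, balance INTEGER)"
    )
    db.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(1, "alice", 120), (2, "bob", 75), (3, "carol", 300)],
    )
    return db


def lookup_concatenated(db, username):
    """Weak form: the input becomes part of the SQL text itself."""
    query = (
        "SELECT name, balance FROM users WHERE name = '"
        + username
        + "' ORDER BY id"
    )
    return db.execute(query).fetchall()


def lookup_parameterised(db, username):
    """Corrected form: the input is bound as a value and never parsed as SQL."""
    query = "SELECT name, balance FROM users WHERE name = ? ORDER BY id"
    return db.execute(query, (username,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # A normal username gives the same single row from both functions.
    print(lookup_concatenated(db, "bob"), lookup_parameterised(db, "bob"))
    # The constructed input changes the meaning of the concatenated query,
    # so every account is returned; the bound query matches no name at all.
    print(lookup_concatenated(db, CONSTRUCTED_INPUT))
    print(lookup_parameterised(db, CONSTRUCTED_INPUT))
```

When reviewing your own code, any query built by joining strings with request data is the pattern to look for and replace with bound parameters.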
Government’s Cyber Security initiatives
Government initiatives such as the Ten Steps to Cyber Security and the Cyber Essentials schemes are enabling all organisations to access better resources to protect themselves against potential attacks.
“We are committed to making the UK the safest place to live and do business online and welcome the significant reduction in the number of businesses experiencing cyber breaches,” said Clare Gardiner, director of engagement at the National Cyber Security Centre. “However, the cyber security landscape remains complex and continues to evolve, and organisations need to continue to be vigilant.”
EPX Technical Services – Cybersecurity for your business
Protecting your computers, servers and networks from attacks is a huge part of cybersecurity. With dramatic increases in the number of cyberattacks, including phishing, ransomware and whaling, your business is constantly under attack. It is vital for your business to be prepared for an attack as cyber criminals can and will attack any business regardless of size.
EPX Technical Services offer a variety of cybersecurity solutions, including security training for employees, automated scans and 24/7 monitoring. These solutions are continuously being adapted and updated to follow the latest technologies and best practices. If your business requires cybersecurity help and support, EPX Technical Services can deliver this. To find out more call us on 01785 878311 or email us at firstname.lastname@example.org.