Cyber security incidents can be costly, not only in lost revenue but as studies have shown a shocking 60% of small businesses go bankrupt within six months of a cyber-attack.
What is cyber-crime?
There are 5,400 searches on Google every month for ‘cyber attack’ and it’s defined as criminal activity or malware by means of computers or the Internet. Most cybercrimes are carried out to generate profit for the cybercriminals, some cybercrimes are carried out against computers or devices directly to damage or disable them.
What are the biggest cybersecurity risks for business owners in 2024?
Martin Lauer, founder and chief executive of The One Point, a managed technology provider in Hessle, says employees are the weak link in an organisation’s cyber security. He explains:
“Someone hacking in through a firewall makes for great television but most of the time cyber security incidents start with an action by an unsuspecting employee allowing a risk into the network, this could be as simple as clicking on a link in an email or opening an attachment.”
With many cyber risks coming from human error, a key aspect of improving an organisation’s cybersecurity is prevention through training and awareness. Lauer adds: “Email is the biggest area that cybercriminals can exploit employees through phishing scams. There’s software that enables you to send a spoof but safe email, and it’ll alert IT or the MSP when someone clicks on it so that you can educate them about what they’ve done wrong.”
In a study of more than 9 million users across nearly 30,000 organisations over a 12-month period, security awareness company KnowBe4 found an initial baseline Phish-prone percentage of 27% across all industries. After only 90 days of training and simulated phishing, the Phish-prone percentage dropped over half to 13%, and after 12 months, it was minimised to only 2.17% – an astounding 94% improvement in one year.
Cybercriminals are now also using supply chains to gain easy access to valuable internal data and systems.
Lauer said: “It’s very easy for somebody to ring up a supplier posing as a customer and ask for a copy of an invoice. They then copy that invoice and send a legitimate one to the real company, saying they’ve changed their bank details. So, the company changes the bank details on the system and makes the payment.”
Shadow IT
The threat landscape is constantly evolving, especially in recent years, as more software is moving to the cloud, the development of AI, and more smart devices are being released. As our data is moving to the cloud – it makes working from anywhere more accessible for us but also means attackers can use stolen account passwords to log in from anywhere and access confidential data. This means account security is more important than ever, using strong unique passwords and multi-factor authentication.
Many businesses are storing their data in the cloud, as files are encrypted and continuously monitored. “The cloud is a safer place to be because the data is sat in a state-of-the-art data centre that’s been looked at 24/7, 365 days a year,” says Lauer. “But the minute somebody gets your access credentials, you’re dead in the water.”
As software becomes easier to use and accessible – shadow IT is becoming more prominent. Shadow IT is where a staff member signs up for software without IT’s involvement and uses it to store confidential data. This data is often stored in programs that aren’t set up securely or being monitored.
Lauer explains: “An example of this is someone signing up for Dropbox and storing work files there. The user shares some files externally but inadvertently shares more than intended. IT couldn’t stop this data breach as they weren’t aware of it. This means strong robust proceeds for procuring software and their use is important, as well as monitoring for the use of unauthorised applications and checking they are securely configured.”
A multi-layered approach
Insurance companies require more and more cyber security protections to be put in place prior to cover meaning companies who don’t take cyber security seriously will find themselves not covered from cyber security breaches.
No one system is perfect at preventing cyberattacks, therefore it’s important to link several solutions together to create solid layers of security around your data. Lauer says a good cyber-security plan comprises several points: appointing an accredited managed service provider (MSP), adopting multi-factor authentication, having an incident response plan, and regular employee training and testing.
Security awareness training is essential for organisations to educate their employees about cybersecurity threats and best practices for protecting sensitive data and systems. Cybersecurity threats are becoming increasingly sophisticated, and security awareness training can help employees recognise potential threats, understand the consequences of security incidents, and learn how to prevent them.
Businesses that do not acknowledge the growing significance of cybersecurity are at risk of significant financial loss, operational disruption, and reputational damage. To mitigate these risks, organisations should implement strong cybersecurity measures, including regular risk assessments, employee training, access controls, and incident response plans.
By protecting data, preventing disruptions, maintaining trust, ensuring compliance, and increasing resilience, cybersecurity helps ensure that business operations can continue to meet the demands of customers and partners.