The changing nature of Cyber Crime for businesses
Cyber security is a risk that we’ve been writing about for a number of years now. It’s clear that cyber crime is not going away, as new threats continue to emerge.
Many businesses still believe that cyber crime only happens to larger organisations, because most of the media coverage of security breaches revolves around household name brands. However, less-experienced cyber criminals will target smaller SME businesses whose IT security processes are less sophisticated.
Even for an SME business, the estimated cost of a security breach is reckoned to be in the region of £75,000 at the low-end, to over £300,000 at the top end of the scale. These sums – which come from a cyber security survey by consultants, PWC – would be enough to threaten the existence of many SME businesses.
How do Cyber Security Attacks occur?
Cyber criminals will target a particular vulnerability in your IT systems. Increasingly, they will know the common vulnerabilities amongst businesses, having breached similar-sized businesses before. The main categories of vulnerability are:
- Flaws in your software, network and device design – You must ensure that you apply software updates and patches as soon as possible. This may take time and resource, and probably won’t add to the functionality of your software, so could well get forgotten at busy times. However, software updates and patches usually come about in response to a known vulnerability, so you must react quickly to avoid unnecessary risk.
- Features – Sometimes hackers will target a specific feature within a popular software package to find vulnerabilities, and then target businesses in the hope of using that feature’s vulnerability as a way in to their network.
- User error – Often a company’s staff will instead be targeted, as they may be the weakest link in the system, especially if they are not particularly knowledgeable in IT. For this reason, it is vital to develop effective IT security processes and train staff appropriately.
What do Cyber Criminals actually do to a business?
Over recent years, cyber criminals have continued to develop new tactics in an attempt to stay ahead of IT Security professionals. There are now dozens of different types of cyber crime activity. Some of them, such as phishing (email requests asking for users to login and provide security information) have been around since the 1990’s, whereas others such as social engineering (targeted emails and phone calls in which information is shared to gain trust before extracting sensitive information) are much newer.
In simple terms though, these activities fall in to a few distinct categories:
- Cyber crimes carried out for personal gain – criminals may look for bank or login details which might ultimately enable them to defraud you.
- Malicious cyber crimes – often hackers just enjoy infiltrating systems and causing problems for businesses and will see it as the business’s own fault for having vulnerabilities.
- Ransom – in some instances hackers will bring your IT systems down so that they can demand a ransom to restore them. They will know the financial implications of having your systems down for a period of time.
How can SME businesses respond to the threat of cyber crime?
It is important that SME businesses get some sort of plan in place to counter this ongoing threat. If you use an outsourced IT company, or know a reputable IT security company, you should speak to them first for assistance with your planning. It is also important to involve the top-level management of your business in the process, because the potential implications of cyber crime are severe enough to warrant their involvement.
The recommendations they come up with are likely to include the following:
- Network Perimeter Defences to protect against internal threats.
- Malware Protection software including anti-virus.
- A strict process for patch management and software updates.
- User training and education which may be implemented in to HR policies.
- Building security protocols to stop criminals targeting individuals in person.
How does Cyber Liability Insurance help?
The market for Cyber Liability insurance has changed considerably in recent years. There are now more insurers offering this specialist cover, and those involved are getting ever more knowledgeable about the risks faced by businesses. The increasing number of insurers involved should help to keep premiums manageable in the coming years.
If your business uses technology in any way as part of your day-to-day activity, Cyber Liability Insurance can be an effective last line of defence. However, it is vital that you manage your risks as thoroughly as you can first, before you take out insurance, by planning and implementing effective IT security processes.
Contact Us if you would like to discuss Cyber Liability Insurance for your business.