Two-thirds of businesses have been hit by cyberattacks—and 43% of attacks target SMEs. Avoiding complacency is the best way to protect from cyber threats such as ransomware attacks on SMEs
The transformational impact of information technology on businesses, not least the SME sector, cannot be overstated, but IT has brought more than just opportunities and efficiency; it has also brought risk - the risk of infection by so-called ‘malware’, that is, malicious software.
Today, the increasingly common threat of ransomware attacks on SMEs is only the latest of a long line of cyber threats that make your computer or network a ticking time bomb.
Two-thirds of large UK businesses have been hit by cyber attacks in the past year, according to government statistics from 2016. The threat is no less severe for SMEs. Last year Symantec found that 43% of cyber attacks target small businesses, and ransomware attacks on SMEs are on the up. More than 51% of medium-sized businesses in the UK reported a security breach of some kind in 2016, and the next line of attacks is expected to be aimed directly at SMEs.
Worse, so-called ‘zero day’ attacks – where the malware is written fresh for each attack – means that traditional virus scanning software is no longer enough, as simply scanning for known viruses falls short of addressing an evolving threat.
The first step to protecting your SME is understanding that the threat is out there. The second should be to get to know what kinds of threats exist. Thankfully, it is quite easy to cut through the jargon. However, confidence in accurately assessing cyber risks has fallen to 59 percent this year, down from 73% in 2016, according to a report in The Daily Telegraph.
With that in mind, it’s probably best that you brush up on your cybersecurity glossary. This is by no means a comprehensive list of all the different threats and terms that you should be aware of, but it’s certainly a good start:
Software that takes over a computer and forces unsolicited advertisements to display on the system. For the most part adware is merely a nuisance, but it can also be used as a method for delivering viruses.
Another form of ransomware attack on SMEs is the ‘distributed denial of service’, or DDoS. In this kind of attack the SME can be both the victim and an unwitting participant. Dozens or hundreds of hacked computers are remotely taken over and some of their processing power and internet connectivity is secretly used to launch continual requests to load a website. The result of millions of simultaneous requests is that the targeted server slows to a crawl, or even crashes, making business impossible. Of course, the attack can be called off and business resumed – for a fee.
So-called ‘phishing scams’ steal personal data by pretending to be from a trusted source. For example, an e-mail may appear to come from a bank, asking the user to click a link. Often this inducement is itself evidence of a data breach. Once clicked, the link takes the user to a fake website and asks them for data which will then allow the hackers to gain access to the real site, be it online banking or e-mail.
One increasingly common form of attack on SMEs is the ransomware attack, the best-known of which is called ‘cryptolocker’. This infects a computer and encrypts data, threatening to erase it if the unlucky user doesn’t pay out, often using untraceable bitcoins. The ransoms tend to be relatively small as an encouragement to pay-up, but, in aggregate, ransomware attack on SMEs are a huge criminal enterprise valued at over a billion US dollars, and in many cases the criminals do not return the hostage data.
A rootkit is a piece of malicious software designed to gain administrative access to a computer system (known as ‘root access’) and pass it on to an unauthorised user, thus allowing them access to all of the data on the system or network.
Unsurprisingly there is a lot of fear out there—and some forms of malware take advantage of this fear by trying to convince users that uninfected systems are, in fact, riddled with malware. The solution they offer, of course, is their own software. Anti-malware software should always be obtained from a reputable source.
Another type of general malware is ‘spyware’, which can be used to send data including keypresses, mouse movement and even video from webcams to a remote location. This can be used to break into private data, either for espionage purposes or to break into bank accounts.
The original form of malware, viruses are so named because they are tiny, self-replicating and take over their host system. Early viruses were mostly intended to be nuisances, but these days they can be designed to delete data or, more commonly, connect to the internet to download and deploy other forms of malware such as ransomware.
Small businesses cannot afford to be complacent. Ransomware attack on SMEs are common for a number of reasons: firstly, they are a potentially softer target than the likes of the big banks, and, in aggregate, no less valuable to hackers and other spreaders of malware. With technology in a permanent state of flux it can seem that the internet is simply too dangerous, but who can afford to do business without it? The solution is to be aware of the dangers and mitigate the threat of them by putting the proper procedures in place, both in terms of technical measures and proper behaviour.
As Information Age magazine put it, “the malware landscape is far beyond anything that could have been imagined at the time.The big difference is, in 1988, organisations were defenceless. Now, they have multiple layers of protection to help them keep their networks secure.”
Technological responses to malware, such as firewalls and virus scanners, remain essential, but you have to understand and be aware of the threat first.
- Two-thirds of UK businesses have been victims of cyber attacks.
- 43% of cyber attacks target small and medium businesses.
- Knowing the kinds of threats that lie out there is essential.
- Traditional virus scanning software is no longer sufficient to protect from ransomware attacks on SMEs.
- SMEs are a softer, and hence more attractive, target for hackers than big businesses.