Last year almost a third of UK SMEs reported IT breaches or cyber-attacks. Those unfortunate enough to be targeted by cyber-criminals lost on average £4,180.
These statistics were taken from the Cyber Security Breaches Survey, an official government survey measuring how UK organisations approach cyber security and the impact of breaches. The survey reported that cyber security is increasingly a priority issue for organisations, with 78% of businesses now rating cyber security as a high priority.
The most common cyber attacks on UK businesses
The first step to beating cyber-crime is to be aware of the potential threats. Here are the ten most common IT threats SME businesses should be aware of:
1. Phishing E-mails
The most common route for security breaches or attacks is email, with 80% of businesses reporting phishing emails as the root cause. A malicious attachment is often the preferred entry point for phishing or ransomware.
2. CEO impersonation fraud
CEO impersonation fraud takes place when a scam email purporting to be from the Chief Executive Officer, Managing Director or another senior figure in an organisation is sent to the finance team requesting that payment be made to a third party, or to the senior figure themselves. It is also known as ‘whaling’ (because it targets one ‘big fish’ as opposed to phishing, which targets a large number of smaller ones). Small and large organisations alike have been targeted … and have fallen for the scam, and such attacks are much more common than you might think.
3. The company’s IT network
A poorly protected IT network, coupled with workstations or servers where security updates have not been carried out, can be an entry point, particularly for worms. Unlike viruses, worms are able to propagate automatically, without any direct action by the user. Viruses or other malware, including ransomware, accounted for 27% of IT breaches according to the Cyber Security Breaches Survey.
4. Popular websites
A watering hole attack is a security exploit in which the attacker seeks to compromise a specific group of end-users by infecting websites that members of the group are known to visit. The goal is to infect a targeted user's computer and gain access to the network at the target's place of employment.
5. Downloadable phone apps
Downloadable phone apps can be an entry point, particularly Android ones that are less secure and have fewer checks than iOS ones. Scareware often uses this route: it is a malicious computer program designed to trick a user into buying and downloading unnecessary and potentially dangerous software, such as fake antivirus protection.
6. Public Wifi
Non-secure wifi systems – such as public hotspots – are still the entry point of choice for cyber-attacks. They are the ideal way to intercept communications or even recover data and passwords.
7. The Internet of Things
From personal devices like smartwatches to smart monitors which monitor manufacturing efficiency, these connected objects are very vulnerable and can let cyber-criminals “piggyback” onto a company network or hijack these objects to launch massive denial-of-service attacks.
8. USB sticks
There could be malicious software on that unrecognised USB stick, intentionally left just lying around. Be careful not to open it at a workstation; instead, use a specifically designated computer, ideally one that is isolated from the rest of the network.
9. Your Trusted Suppliers
The trusted relationship between a company and its suppliers often fosters carelessness. If one part of the chain is poorly protected, it can become the weak link that hackers take advantage of to access the entire ecosystem.
10. Internet Ads and banners
Some advertising sidebars, especially on free sites, can be hacked and, when clicked, send users to a malicious site or even trigger a malware download.
What to do next?
If you're not sure whether you are taking adequate security precautions, or if you are concerned that your business is at risk, please get in touch with our experienced team.
We are experts in network security and malware prevention. A simple audit and assessment will reveal any potential vulnerabilities. After every cyber-security assessment, we will make bespoke, strategic IT recommendations and an implementation plan.
Simply email us at firstname.lastname@example.org or call 020 3950 0360