By Chris Dye, VP Alliances, Glasswall Solutions
It’s hard to understate the importance that small to medium-sized enterprises have for the UK economy. Making up 99.3 per cent of private sector business, these companies bring a collective £1.6 trillion to the UK each year, according to the Department of Business Innovation and Skills.[1] But just as SMEs are vital to keeping the national economy afloat, they are also a major source of income for cyber criminals worldwide.
Despite being a growing target for hackers, many SMEs still don’t consider themselves to be at risk. In fact, 82 per cent of companies believe they are too small for cyber criminals to see. In reality, however, 92 per cent of hacking incidents that took place in 2014 were executed against SMEs. [2] The seven million annual attacks estimated to take place against smaller firms each year cost the UK economy £5.26 billion, according to the Federation of Small Businesses (FSB). [3] These attacks are also becoming more expensive for victims, with the highest costs in 2015 reaching £310,800, compared to just £115,000 in 2014, as stated in a survey recently published by Digital Economy Minister Ed Vaizey.[4]
While some SMEs (approximately 23 per cent) have caught on to the potential risk posed by cybercrime, too many are still relying on outdated technology that only provides perimeter security, completely ignoring file-based threats. As these sorts of attacks make conventional security methods utterly useless, an increasing number of hackers are seeing them as their most valuable tool. According to a survey by the Institute of Directors, nine out of ten business leaders believe that cyber security is important whilst only half had a formal strategy in place to actually protect themselves from threats.[5]
File-based threats
File-based attacks involve the use of malicious code, hidden within common file types and launched via email messages. The potential of a file-based threat is only constrained by the ingenuity of the hacker, and history has shown, time and again, the catastrophic effect these corrupted files can bring when they gain access to an enterprise’s systems.
The few SMEs who have woken up to the threat of cybercrime still stand little chance against these file-based threats. Many companies are still relying on costly perimeter security solutions, such as firewalls and email scanning, which are only effective against widely-known threats. Furthermore, these defences rely on incremental updates to remain effective against attacks, though they are often one step behind the hackers.
File-based attacks are responsible for 94 per cent of breaches across all businesses, and this figure continues to grow each year.[6] As a result, many businesses are losing faith in their current security solutions, as well as supposed “new solutions” such as sandboxing, and moving towards more innovative approaches.
Social engineering
The most well-trodden route into a company’s systems is through their own employees. By using well-practiced social engineering methods, hackers can turn an organisation’s own staff into unwitting accomplices. Alarmingly, 88 per cent of breaches include the use of social engineering.
Ammunition for these types of operations is shockingly easy to acquire. Cyber criminals will typically find this information from a number of sources, such as files from the company’s official website that have not been cleaned or files that have been intercepted during exchange. This information can be used to identify user IDs, server paths, software versions and even employee reference data.
With this information on hand, it’s relatively simple for a hacker to forge a convincing email to an employee, posing as a trusted contact and duping the employee into opening a link designed to send a zero day exploit, to be activated at a later date, straight into the company’s system. With this in mind, it is vital that companies keep this information out of the wrong hands, ensuring any data leakage is prevented.
The urgency of cybersecurity
With the European General Data Protection Regulation (GDPR) set to come into effect next year, preventing file-based attacks is more urgent than ever for businesses with operations in the EU. The new law will impose increased penalties and fines to businesses which fail to protect data adequately, or are subject to a breach.
Minimum fines will be set at two per cent of global turnover, with maximum fines reaching four per cent. In addition to stiffer fines, the new regulation will also include a provision for disclosure, in the name of public interest, which will likely lead to many cybercrime victims losing additional revenue as their customers lose faith in their ability to protect their personal information.
Although the GDPR gives some leeway to SMEs deemed to pose a smaller risk to the privacy of citizens, even “one-man bands” will be expected to be fully compliant with the regulations. They must manage their data just as closely as their larger counterparts, avoid introducing unnecessary privacy risks and consider the risks their business practices pose to the privacy of their customers.
To ensure they can live up to the upcoming regulations, SMEs must turn towards a solution based on file-regeneration, one that guarantees total security and full protection against the most common form of cyber threat and can do so without compromising the speed and efficiency that businesses require in order to deliver their clients and customers a competitive service.
SMEs would be wise to adopt Managed Service Solutions; one which is adapted specifically for smaller businesses and takes into account the growing threat posed by file-based attacks. These solutions allow SMEs to achieve full protection from threats in a cost-effective manner, and place the burden of risk on the shoulders of a third-party.
With both the GDPR and cybercriminals casting their eyes on SMEs, it is more urgent than ever for these enterprises to look beyond conventional perimeter security measures and adopt a proven security solution that can protect them from the most common and volatile attacks.
[1]https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/467443/bpe_2015_statistical_release.pdf
[2] https://www.theguardian.com/small-business-network/2016/feb/08/huge-rise-hack-attacks-cyber-criminals-target-small-businesses
[3] http://www.cbronline.com/news/cybersecurity/business/smes-hit-with-7-million-cyber-crime-attacks-per-year-in-526-billion-blow-to-uk-economy-4919992
[4] Government urges business to take action as cost of cyber security breaches double
[5] http://www.director.co.uk/news-cyber-security-businesses-need-to-get-says-iod-2-9876/
[6] http://www.professionalsecurity.co.uk/products/computer-systems-and-it-security-news/changing-face-of-cybercrime/
