Cyber security threats – latest facts
- According to ITPro, UK ransomware attacks surged by 80% in the third quarter of 2020.
- The National Cyber Security Centre defended the UK from 723 cyber incidents from Aug 2019 to Aug 2020
- 94% of malware is delivered via email (source Verizon)
- Phishing attacks account for more than 80% of reported security incidents (CSO)
There are a range of potential security risks to mitigate against:
Ransomware: This method is used by many cyber attackers to infiltrate your system, encrypt data or block usage, and then demand a payment, usually in Bitcoin or another cryptocurrency.
Phishing emails: These used to be pretty easy to spot, however they have become far more sophisticated and this trend that looks likely to get worse. The scam email approach works because they are sent out in such large numbers that only a very few need to work for them to be profitable to cyber criminals. The latest versions of these emails use authentic-looking templates and even spoof URLs and return email addresses, often fooling even trained staff who are on the lookout for scams.
Fileless attacks: This fairly new trend is where malware isn’t actually installed on the target device but instead uses trusted programs already in use. These are hard to identify and even harder to stop. With the impending rollout of edge computing, this particular route is likely to be explored even more by hackers.
How at risk is your business?
It is estimated that more than half of all cyber security threats target small businesses – so this isn’t a problem that’s limited to large corporates. Cyber criminals also sometimes target particular sectors – construction, finance, IT, education and healthcare have all seen heightened risk. And since the mass shift to home working in 2020, many attacks have sought to prey on isolated home workers with less opportunity to refer to colleagues if they are suspicious or concerned.
Make your employees your first line of defence
- Data from the ICO shows that 90% of cyber breaches were caused by human error – including mistakes such as:
- Sending information to the wrong recipient
- Not following security policies guidance
- Using software not authorised by the organisation
- Weak passwords
- Phishing emails
It’s even possible to be the source of a verbal breach while talking on the phone, particularly if employees are discussing confidential matters in public places.
All of these issues are attributable to human error, and cannot be prevented through security software and protocols alone. Organisations need to ensure that their employees are aware of the risks of cyberattacks, and understand the policies, procedures and guidelines in place to prevent data breaches.
You can make your employees your first line of defence against cyberattacks through awareness and training. Access offers a full range of cyberawareness training modules that can educate people in your organisation about security best practice. Not only with this knowledge help them keep your business data safe, it will also help them to keep their personal data safe too.
Cyber security: 3 ways to protect your business today
Bring all your staff up to date with a fresh round of cybersecurity essentials training. Helping them to spot risks and engage in security-conscious behaviour is an excellent first step – but do be aware that this on its own is not enough.
- Consider migrating to the cloud as this will ensure that your business applications are patched and updated regularly to maximise protection. All leading cloud hosting solutions providers will also have many other security measures in place, such as using industry-leading firewall products. And moving into the protection of the cloud will also alleviate some of the pressure on your in-house IT and enable them to focus on other business critical projects.
- Get outside help. The only way to fully optimise your protection against threats and mitigate against security breaches is to work with professionals who know how to stay one step ahead of the hackers. You can also keep abreast of the support available from outside sources such as the National Security Centre. They publish helpful guidance specifically aimed at small and medium sized organisations such as the free Small Business Guide: Response & Recovery
Access can also offer a whole range of support to help your business stay safe and operate effectively in the cloud. We offer a variety of free resources to assist you too. Please do contact us.