The Rising Threat of Cyber Attacks on SMEs and What You Can Do Today

All IT companies seem to talk about these days is Cyber Security, and whilst this can get boring and seem like overkill, the focus is justified and has never been more important, especially now that the world has gone digital.

A recent example of this is a leading high street and online retailer that suspended operations and closed several stores in response to a perceived Ransomware attack. As a result, the retailer became aware that it had been subjected to a Cyber Security incident during which an unknown actor had unauthorised access to its systems.  

Although the attack was a suspected ransomware attack, no ransom has yet been demanded from the company. It has also been supposed that the hackers may have used ‘Wiper’ malware, which effectively destroys the systems. Recently a new, more destructive wiper malware called ‘CaddyWiper’ was used in Ukraine.

Simon Edwards, a Cyber Security expert commenting on the BBC, suggested that this attack should act as an example to other companies and that more vigilance and diligence were needed. He also stated: “Since hostilities started in Ukraine there has been a massive increase in cyber-attacks targeting all industry sectors. Although we are yet to know more from the company itself, typically these attacks start with a malicious email sent to an employee.”

47% of data breaches are caused by employee negligence like accidental loss of a device or misplacing a document online. 

Attacks targeting smaller organisations are a growing trend because these organisations often lack adequate cyber security and awareness. This allows attackers to access and acquire data more easily than in larger organisations.

A recent UK Government report also concluded that about one in three UK businesses experience a cyber-attack on a weekly basis, with the majority starting with a phishing email. 

It is believed that this attack resulted from an employee falling foul of a malicious phishing email that allowed access to systems. This highlights a growing need to ensure that all staff with email access have adequate training and that systems and processes are in place to prevent unauthorised access.  

Make IT Better Now  

Whilst you cannot prevent the attack, you can take steps to repel it and to identify when you may be receiving unsolicited attention.

Below are a few first steps every organisation should be taking.  

Invest in Cyber Security  

Smaller businesses are a target because the limited dedicated budgets and expertise within these organisations provide an easy route for the hackers. However, it is not always the case that organisations are not investing enough; sometimes they are not investing in the right places. Another challenge is the preparedness of SME businesses, with a reported 70% not having adequate plans in place to respond to a cyber breach.

 Train, train, and train some more  

With humans being the catalyst to a successful attack, organisations must now invest in ensuring that anyone who can access email and systems is trained to spot malicious activity and to be less ‘click’ happy.

A recent report by security provider Webroot identified over 4 million new high-risk URLs, with a staggering two-thirds being used in phishing attacks. The complexity and ingenuity of attackers now mean that emails are the go-to tool in this lucrative crime model. A Veritas report recently concluded that 91% of cyber-attacks begin with an email.

If your staff do not know what to look for, or have not been trained to be vigilant, your organisation will be left exposed, no matter how many other barriers you may put in place.

 Policies and Passwords 

Allowing everyone access to every system and area of the business is a recipe for cyber carnage. Careful consideration of access control and permissions is vital in securing your defences. Having rules and controlling who can access what will help you protect data and can function as an early warning system when attacks occur. For example, if Doris, in the shop, suddenly starts trying to access financial records, chances are you have a problem.

Passwords are still a significant challenge, and without enforced rules and standards, users will still take the path of least resistance and choose an easily remembered password. If you think anything has changed on this, look at Cybernews' 2022 list of most commonly used passwords.

 2022 Top 10 Common Passwords  

  1. 123456
  2. 123456789
  3. qwerty
  4. password
  5. 12345
  6. qwerty123
  7. 1q2w3e
  8. 12345678
  9. 111111
  10. 1234567890

It is no surprise that without policy and training, users may well be using these kinds of passwords on your critical systems.   

In addition, without staff understanding the risk of Phishing, even a complex password can be easily compromised, further reinforcing the need to ensure we train staff.    

82% of all ransomware attacks targeted organizations with fewer than 1,000 employees

Don’t Be Scared, Be Positive 

Whilst all of this can seem a little gloomy, it’s not. Knowing the risks we face and taking simple steps can massively reduce our exposure to threats. Looking at Cyber Security as a positive allows you to redefine and secure your organisation, making it stronger and reducing any likelihood of bad PR should something happen.

There are many simple ways to bolster security, and we have shared a few tools at the bottom of this blog. However, the essential first step is to recognise the need to do this and then do something.

An attacker only needs to win once, and you need to defend against many attacks.  

 Further Help  

We work with many leading organisations in different sectors, guiding them to the right technology solutions. We have a range of Managed Security options, including staff Cyber Awareness Training. If you would like to sanity-check your security or discuss how we can help you, call us on 0333 344 8971 or contact us through the website.  

 

 Helpful Resources  

 Free Cyber Security Audit  

Free Phishing and Password security tools to test users and the network   

https://www.cways.co.uk/knowbe4-test-your-users-and-network/ 

15 Ways to prevent a Cyber Attack  

https://www.cways.co.uk/prevent-a-cyber-attack-infographic/ 

Ransomware Hostage Manual  

https://www.cways.co.uk/ransomware-hostage-rescue-manual-2/