Recent large-scale cyber-attacks raise questions regarding the level of security expertise in SMEs. Here we outline the challenges alongside a potential solution.
Cyber attacks have been around for a long time, and have always created large scale media attention. However, recent large-scale attacks on household names such as Facebook, Twitter, E-Bay, JP Morgan and The European Bank have bought fresh attention to cyber-security. Online retail organisations have been key headline-making targets for cyber criminals in the recent past, with 60% of retail SMEs suffering a data breach going out of business within 6 months. So what is the reason behind this dramatic increase? And what should companies be doing to protect themselves?
Advances in Technology and Expertise
As technology advances, so does the expertise of the individuals who work with it, plus there is an ever increasing availability of information. YouTube alone has over 300,000 videos on wifi-hacking. Like doping in sports, the creators of the drugs are always one step ahead of the testers. Hackers seem to always be one step ahead of victims, regardless of preventative measures put in place.
Recent IBM research outlined a significant rise in cyber attacks against US retailers, resulting in over 70 million records being stolen highlighting the increase in the efficiency and sophistication of the methods carried out by cyber criminals. On the well-established black market that accommodates the buying and selling of data, it is estimated that $1-$25 is the going rate for stolen credit card details. This is widely seen as a fast way to make easy money for the criminals targeting the retail industry.
Where do the attacks originate?
The majority of the time these are not acts of terrorism or high level espionage, but opportunistic behaviour. So what factors often contribute to breaches?
5 key areas stand out:
- End users downloading infected files, or visiting malware-laden sites
- Insecure system configs
- Weak passwords
- Unpatched or legacy technology
- Weak network security
This appears to suggest that the majority of businesses are underestimating the level of threats and overestimating their own ability to deal with them.
Lack of education
In a survey conducted by the security firm Carbon Black, more than 25% of UK CIOs claimed they were not concerned by security breaches, despite 82% claiming that they were under pressure from their businesses to prevent, detect and react to incidents quicker.
The study also revealed that CIOs had an unrealistic view on discovery and response to threats, believing it would on average take 60 days to uncover a breach, with over a quarter claiming under 14 days. The results highlight a lack of education around cyber security and also indicate that businesses have a reactive rather than a proactive approach to security.
A final word from 4D
Cyber attacks will become more advanced and more frequent as technology advances, that seems inevitable. However, during this vulnerable time, companies need to start taking these threats more seriously and being assertive around the risks that are within their control.
A key problem area can be lack of qualified cyber security staff, particularly within SMEs. This is where working with a partner who has the appropriate in-house expertise can help. Working with a provider that can offer even the smallest of businesses an Enterprise level of security, expertise and support against threats is a sure fire way to make invaluable improvements to your cyber security. Taking the time to select a provider that will offer all that you need, acting as an extension of your team, without having to pay for the in-house expertise is a no brainer.
At 4D this is what we specialise in, and we can work with your business to design and deliver an IT infrastructure set-up that ensures you don’t fall victim to a potentially catastrophic attack.
If you would like to hear how to better secure yourself on the cloud, give us a call on 020 7183 0603.
- IBM 2015 Cyber Security Intelligence index for Retail
- IBM 2013 Cyber Security Intelligence index for Retail
- Cyber Security 2016 and Beyond