Cyber attacks on SMEs – the risk of attack is VERY real

SMEs are very attractive to cyber criminals: they have poorer security and limited resources, making them easier to attack than their larger counterparts, and are often part of larger supply chains, making them an easy point of access into larger corporations’ systems.

The Department for Business, Innovation & Skills/PwC’s most recent Information Security Breaches Survey found that 74% of small businesses suffered a security incident in 2015 (up from 60% in 2014).

The impact of an attack is clear

Reputational damage is a very real concern for SMEs. According to KPMG and Be Cyber Streetwise, 89% of breached SMEs said the attack affected their reputation, damaging their ability to win new business and maintain relationships with existing clientele.

What SMEs can do to protect their reputation?

SMEs should look to the government’s Cyber Essentials scheme to protect their reputation. Cyber Essentials sets out five security controls that, according to the UK Government, could prevent ‘around 80% of cyber attacks’. These controls provide a basic level of protection from the vast majority of cyber-attacks, and improve business efficiency in the process.  A double win!

Certification to the scheme demonstrates that you’ve implemented these basic cyber security controls, reassuring your customers, stakeholders and staff that you have taken the precautions necessary to reduce cyber risks, as well as putting you on route to helping you with cyber insurance if you are considering taking this out.

Cyber-Essentials-logo-HiRes

Cost of SMB cybercrime

Cyber criminals continue to aggressively targeting SMBs in the hope that their systems will be less robust than larger, enterprise organisations.

Data theft and disruption (digital vandalism) are pure salmon on the menu for hackers, to either steal money from or pass details to other criminals and criminal organisations.  The US in 2013 had 28 million SMBs, 66% of which contributed $7.5 trillion to the US economy.  36% of SMBs in the US suffered cyber attack in 2012.  The UK in 2014 had an estimated 5.2 million businesses employing 25 million people, with a combined turnover of £3.5 billion.

Common types of attack:
• Phishing – scam email from a familiar looking person or address getting the user to reveal passwords or credit card details.
• Digital vandalism – Denial of Service (DoS), virus attacks or other malware to interrupt a business with damaging cost impact to business.
• Data theft – this can paralyse a smaller organisation – average cost to a US SMB in 2013 was $9,000.  Of those attacked it is estimated that 60% go out of business within six months.

Impact on business:
• Business lost during a cyber breach
• Loss of company assets (bank account details, passwords, customer records, company strategy, employee information)
• Damage to reputation – this can go on for years (and hacked websites can be quarantined for long periods by search engines preventing new business in).
• Risk of being sued – failure to protect customer information with reasonable measures could leave an SMB open to litigation.
• Vulnerability of business through lack of firewalls, encryption, virus software and staff monitoring and managing the protection of a company’s digital estate.

Failing to act is no safeguard.  Understanding the infrastructure and its weaknesses is a first step to positive preventative action.  Pen-testing offers a relatively cheap and often eye-opening analysis of risk and gaps.

penetration-testing

This week’s technology news from Amicus ITS – Friday 31st May 2013

UK is simply the best
The UK has again been ranked the safest destination in Europe for businesses to locate their data centres according to the 2013 Data Centre Risk Index report. Scoring strongly on resilience and for ease of doing business, Britain continues to lead the way, strengthened by our status as a major economic global hub. Europe and especially the UK are also embracing BYOD strategies faster than the US, according to Citrix’s EMEA head. So whether your business interests are domestic or global, it is imperative to choose the right MSP with world regulatory understanding and creativity, so a UK based provider could lend you that leading edge.

Cloud best for SMEs
Microsoft backed research claims that investing in Cloud technologies provides greater business confidence. One third of SMEs polled said their prospects were more positive following migration. In the UK, 19% of companies surveyed using Cloud reported they were due to invest in staff, new technology or launch new products to gain growth. Illustrating a divide between those who have moved dynamically to the Cloud and those yet to change, the polarity could hold the old guard SMEs back and prevent them from maintaining commercial edge if they do not proceed to adopt a Cloud strategy.

ICO Compulsory Audits for NHS Organisations
Last week the Information Commissioner’s Office submitted a request to extend its powers to carry out compulsory assessments of NHS bodies and their compliance with the Data Protection Act 1998. Being proactive rather than reactive as in the past, this should ensure fewer data breaches and the ensuing bad press. Considering the NHS stores and transmits huge amounts of personal data, this should be protected and handled in compliance with the DPA. The ICO could be turning up at your doorstep. Are you going to be compliant when they do?

Tim Cook interview at the D11
Apple CEO Tim Cook took the hot seat at D11. With a tradition of keeping their cards close to their chest Apple did offer some interesting insights. On apps and services, Apple said they do not have issues bringing these from iOS to android, if it made sense to do so. On Google Glass, he acknowledged it might not have broad-range appeal, but spoke positively about a wrist device. This potentially hints at the rumoured iWatch. With WWDC 2013 just two weeks away we should not have long to wait for Apple to announce its new product line.

Three screens and a cloud
Microsoft has announced its next generation of gaming console with the Xbox ONE. At the announcement event the focus was not on games but multimedia. TV, sports, Skype and a multitasking Windows 8-like ‘snap view’ to run two apps side by side were included. Xbox ONE will complete their ‘three screens and a cloud’ philosophy that started with Windows 8 and Windows Phone 8. We believe the consistent interface between these three platforms will ultimately pay off in device sales, but more importantly, give customers the confidence needed to invest in the Microsoft services ecosystem.

Xbox-One-console

This week’s news from the MD of Amicus ITS

Let’s end the confusion on Windows 8  

Since the launch of Windows 8, consumers have been primarily focused on the impact Microsoft’s latest OS will have on mobility. Although this plays an important role, the other key components of Windows 8 must also be explored.  Next week Amicus ITS are holding a Windows 8 event at Microsoft’s HQ in Reading, to demonstrate all of its offerings.  The event will feature what Windows 8 can offer to the corporate world through demonstrations, as well as explaining how to effectively manage a mobile work environment. 

Top Malware trends of 2013

With the recent increase in global security breaches, MSP mentor have revealed the top malware trends of 2013.  Trends for 2013 include; increased attacks on Google Chrome, malware that has the capability to invade virtual machines, and the introduction of native 64-bit Windows malware.  We believe organisations need to take a good look at what procedures are currently implemented and what they need to change.  

Mobility brings big changes to the market

The release of Microsoft’s latest device, the Surface Pro, is just around the corner.  As more and more users are taking advantage of mobility and connectivity on-the-go, we think the market is set to change.  Consumers now want to accomplish more with their tablet, performing the same tasks (including Word and Excel) that they could in the office. However, this doesn’t just refer to devices; applications play a large part too.  As users turn to alternative online communications tools, such as free messaging and email, SMS messaging has seen its first decline since mobile phones began.

 SME’s need to embrace the Cloud  

Gartner have recently suggested that Cloud Computing is set to be one of the biggest trends of 2013, and with a vast amount of SME’s yet to embrace the cloud, there is still great opportunity for growth.  The Cloud offers numerous benefits for SME’s, including cost effectiveness, operational efficiencies and scalability.  We believe that with clear education and a protected security procedure put in place, Cloud Computing can change not only large corporations but SME’s as well.