The managing director of a major cyber security player has warned small businesses to take the cyber threat more seriously.
Paul Harris, managing director of Manchester-based Secarma, says that half of all cyber-attacks target small firms, which could be destroyed overnight.
“If they’re not a large or national organisation, people get lulled into a false sense of security and believe they won’t be attracted to hackers because they’re an SME, but that’s simply not the case,” Harris told BusinessCloud.
“Fifty per cent of all attacks target small businesses.
“They can use ransomware to encrypt your data and customer information so you can’t do anything until you’ve paid a ransom. Businesses are dying because of this.
“Small businesses, particularly, can be targeted for small amounts. That’s why it’s becoming more important for every company to have a cyber policy.”
Cyber-crime is now run as a business yet many firms are burying their heads in the sand. Harris cites figures that show 200,000 new malware samples appear on the internet every day.
“That’s the level of activity that’s happening that companies are trying to cope with,” he added.
“We’ve got so many different ‘bad actors’ as we call them, everything from curious school kids to lone wolves, right up to nation states like America, China and Russia who are massively active in this space.”
Whether those security breaches are for surveillance or to steal IP or personal data, the threat is real and should not be ignored by organisations of any size.
Simple measures like making sure firewalls are up to date and patched are important. Criminals who get in via a firewall could then place a piece of software on your network that could periodically send data – known as a silent attack – or carry out a ‘drive-by attack’, where they immediately recover your data.
Using email scanning software is also necessary, as is educating employees about phishing.
“Emails come in all the time and there are much more subtle ways now for people to try and get into your business,” Harris said.
“Recruitment, for example, is a department that regularly has to click on email attachments from complete strangers and cyber criminals can use this to embed malware that can infect that PC and start attacking servers.”
As well as an effective strategy spelling out what to do in case of an attack, vulnerability testing and ethical hacking can also be a good test of your system’s defence capabilities.
‘Red teaming’ sees hackers attack a business to demonstrate potential holes, while there is a range of other activities experts can arrange.
“We’ve never had a customer where we didn’t find vulnerabilities and we’ve been going 16 years,” Harris said.