Technology
What all Business Owners and Managers Need to Know about Cybersecurity
Cyber Security will be one of the biggest issues for London’s businesses in 2021 and beyond. It’s important for firms to understand what a cyber-attack is, how it happens, and what can be done about it. Matt Dunn, Business Support Director at Labyrinth Technology looks at how a cyber-attack works and how cyber security can protect your business. What is a Cyber-Attack? Put simply, a cyber-attack is an attempted offensive action targeting computer information systems, infrastructures, computer networks, or personal computer devices. There can be many reasons for this attack, including attempting to access and steal data, conduct a financial crime, or to disable computers or computer processes.
Don’t we know all about this already? Well, yes, but the problem with the culture of awareness regarding cybercrime and cyberattacks is that only the “big”, “exciting” or “newsworthy” stories (usually involving big name firms or organisations) make it into the public consciousness. I’m sure you recall; • Scotland’s environment watchdog (SEPA) not paying a ransomware demand and having their data posted online • The WannaCry attack which left 40 NHS trusts unable to serve their patients • Talk Talk’s data breach of 2015 • the SolarWinds attack, which only made big news because they themselves provide the tools to prevent such a breach (awk-
ward!!!).
But they are big names, so it won’t happen to my firm, will it? Well, did you know that a reported 96% of UK businesses suffer a cyber-attack in a 12-month period? And Hiscox, one of the UK’s biggest providers of specialist cyber-insurance estimate there are 65,000 attempted cyber-attacks on small to medium businesses every day, and about 4,500 of these are successful! So, UK businesses should be changing their attitude from “it’ll never happen to me” to “it’s bound to happen to me one day soon!”.
So if my firm is targeted, how will a cyber-attack happen? There are a multitude of cyber-attacks that can be deployed against businesses. For example, some of the better-known ones are; • Ransomware: a type of malware locking and encrypting your firm’s data and devices, preventing access, which is only restored if the hacker’s demands (usually a bitcoin ransom) are met. • Man-in-the-middle (MitM) attack: when attackers can insert themselves between a device and a network, such as public wi-fi in a coffee shop. Are YOUR mobile devices all encrypted? Do you have network level security? • Phishing and spear phishing attacks: criminals send emails that appear to come from a reputable source and install malware on the victim’s machine.
In a nutshell, protect yourself. A well thought out strategy for tackling information security threats is crucial. This should include an information security policy, end user
• Risk assessments: which identify the assets that could be affected by a cyberattack (hardware, systems, laptops, customer data and intellectual property) • Security awareness: if employees do not know how to spot the likes of a phishing email, they will be extremely vulnerable to the most common and successful forms of cyber-attack. • Managed firewalls: this unified threat management (UTM) appliance is typically a piece of hardware with security subscriptions which protects against a wide range of threats from a central point.
• Password attacks: when a criminal tries to gain access to a computer system by cracking a user’s password simply by using information gathered by the attacker. Do your employees use Facebook, and celebrate their parents wedding anniversary? That’s such an easy way for criminals to get the answer to the memorable question “what is your mother’s maiden name”!
So what can I do?
awareness training, annual IT security audits/risk register reviews, and clearly defined accountability for information security in your organisation. When starting on your cybersecurity journey key points to consider are;
• System monitoring: products which help prevent employees from accessing malicious or unsuitable content such as phishing websites. A cyber-attack costs the average small business more than £1,000, with a cost to medium businesses being over £3,000. By changing your attitude from “it’ll never happen to me” to “it’s bound to happen to me one day soon”, your firm can mitigate the threat in an organised, costeffective way. So, my advice would be to contact a Managed Security Services Provider (MSSP) today, preferably one that offers specialised services, solutions, and products. www.LabyrinthIT.com
Southwark BUSINESS TODAY 15
