Are you taking cybersecurity seriously enough?

Author: Lindsay Harriss

Date: 10 Mar, 2022

Category: Blog

With the number of cyberattacks rising substantially since the onset of the pandemic, the vital importance of businesses having strong cybersecurity has come into sharp focus. However, as many of the highest-profile attacks publicised in the media have been aimed at large organisations and institutions, smaller businesses could be forgiven for thinking they are safer, and unlikely to be targeted. Unfortunately, statistics strongly suggest otherwise, so here we look at why you may need to take cybersecurity more seriously, and what you can do to protect your company.

Stark statistics

The stark fact is that cyberthreats have sharply escalated in the last couple of years, with a rapid rise in remote and hybrid working no doubt increasing the vulnerability to attack of many businesses. In fact, recent research shows that in 2021 there were as many as 50% more cyberattacks per week on corporate networks than in 2020. Indeed, specifically in the UK, according to the government Department for Digital, Culture, Media & Sport (DCMS) Cyber Security Breaches Survey 2021, 39% of all UK businesses reported that they had suffered a cyber breach or attack in 2020/21.

However, this threat is most definitely not limited to just large organisations, as the 2021 Verizon Data Breach Investigations Report found that 61% of all small and medium-sized businesses have reported at least one cyberattack during the previous year, and that 43% of all data breaches involve small and medium-sized businesses. Moreover, a study conducted at the end of 2021, by advisory and research company Software Advice, of 500 managers at UK companies with fewer than 250 employees found that 62% said they had seen an increase in cyberattacks in the last two years, and 12% of those said this increase was significant. It would therefore seem that no matter what the size of your business, you cannot presume that you will be safe from cyberthreats without taking strong protective measures.

A surfeit of cybernasties

So, what sort of cyberthreats do you need to protect your business from? Well, while ransomware attacks – involving a type of malware that blocks access to a victim’s data, or threatens to publish it, unless a fee is paid – may be one of the most infamous cyberthreats, they are by no means the only ones. In fact, a recent report by the European Union Agency for Cybersecurity (ENISA) identified a list of the most common cybersecurity challenges faced by small and medium-sized enterprises, with phishing attacks named as the top threat. For the uninitiated, these are a type of email-borne social engineering attack, whereby a cybercriminal attempts to trick the recipient into revealing sensitive data to them, or into installing malware on their network. Indeed, the Software Advice study of small and medium-sized enterprises also found that attackers were most likely to target companies with phishing emails, with 57% of incidents reportedly involving such messages, and that malware was another common threat, found in 54% of cyberattacks.

In fact, there is a surfeit of cybernasties out there, just waiting to cause you trouble. This also includes the likes of distributed-denial-of-service (DDoS) attacks – sophisticated attacks designed to flood networks with traffic, to either degrade network performance or shut down a system completely – and even malicious insider attacks, carried out by someone with access to your system, like a former employee, breaching sensitive data. Furthermore, the cyber risk situation does not look set to improve anytime soon, with predictions pointing to a continuation of the current rising trend.

Why be serious about cybersecurity?

And yet, despite the strong evidence that all businesses are in the firing line where cybercrime is concerned, it would seem that companies are still not taking cybersecurity seriously enough. In fact, worryingly, research this year has found that as many as 25% of UK companies are underfunding cybersecurity, and research conducted in 2020 found that one-third of companies with 50 or fewer employees were using free, consumer-grade cybersecurity, possibly leaving themselves vulnerable to attack. This suggests many are ignoring the severe impact that a cyberattack may have, as the aforementioned ENISA report found that 85% of the small and medium-sized enterprises surveyed agreed that cybersecurity issues would have a seriously detrimental effect on their businesses, with 57% admitting that they could possibly go out of business.

Indeed, one survey found that 83% of small and medium-sized businesses are not financially prepared to recover from a cyberattack. In fact, the cost of being targeted should not be underestimated, as a study by Cisco found that 40% of small businesses that suffered a severe cyberattack experienced at least eight hours of downtime, which accounted for a big part of the overall cost of a security breach. Moreover, the DCMS Cyber Security Breaches Survey 2021 found that the average cost to those small businesses that lost data or assets as a result of a cyber breach or attack was £8,170. However, for medium and large companies, this average cost was reported to be higher, at £13,400, but according to the 2021 Hiscox Cyber Readiness report, the largest loss for a single business was £15.8 million. What’s more, although the financial costs of such an attack can be high, the damage it can do to your business’s reputation, if confidential data is breached, can also be severe.

How can you protect your business?

With such strong reasons to take cybersecurity seriously now, what can you do to protect your business? Well, the answer to that is ‘plenty’! For all the cyberthreats out there, there is now a whole range of ground-breaking IT security ready and waiting to defend your business. For example, you could choose a comprehensive solution to give you complete peace of mind, such as Prodec Network’s fully managed security as a service (SECaaS) solution, which combines state-of-the-art IT security solutions, such as firewall as a service (FWaaS) and endpoint detection and response (EDR) technology, for continuous, reliable protection.

Furthermore, to ensure your business is truly protected, perhaps one of the most powerful things you can do is to make sure your employees are educated to be aware of possible threats and prevent them, as according to the Software Advice study, 48% of executive managers said that employees had received no cybersecurity training in the past two years. With phishing attacks so prevalent, a programme of simulated phishing and security awareness training could enable your workers to identify potentially malicious emails more effectively and become a human firewall against such attacks. In addition, with increasing numbers of employees working remotely, it would be sensible to strengthen the cyber hygiene in your business, by adopting more rigorous procedures to protect against threats, such as implementing a strict password protocol, only giving individuals login details for the systems they really need access to and supplying company devices rather than letting employees use their own equipment.

Finally, it would also be wise to make preparations just in case the worst should happen, and you are hit by a cyberattack, to minimise the impact and ensure your business can recover quickly. This can be done by establishing a cyber incident response plan, which details the processes to follow if an attack does take place, as providing guidance on how to deal with an incident can help your business respond effectively in such a stressful situation. However, according to a recent report by security company Nexor, only one in five businesses currently has such a plan in place at all. You could also consider protecting against the impact of any attack by adopting a disaster recovery as a service (DRaaS) solution, like Prodec’s cloud-based service which replicates data from your site into virtual machines in three UK-based data centres, allowing your business to recover data swiftly in the event of an incident.

So, if you want to seriously protect your business from cyberthreats, contact Prodec today, to discuss how we can help you keep your business safe and secure.
