Why small businesses need to protect against cyber attacks

Cybercrime is growing around the world and no business is immune to the threat of cyber attacks. Whilst cybercrime is typically associated with big businesses, that’s only because these are the stories that make the headlines. Small businesses are just as vulnerable to the threat of a cyber attack and sadly, many small businesses do not invest in adequate cyber security defences that will protect their business and their employees.

The rapid growth of cybercrime

It’s now over 50 years since the first recorded cyber crime took place when the “reaper” antivirus was introduced in 1970. Over the past 50 years, cybercriminals have become a lot more sophisticated in the way they attack businesses and it is becoming harder and harder for cyber security specialists to keep up. There is a global shortage of cybersecurity professionals and this is only adding to the issues businesses face from hackers.

According to (ISC)² – the world’s largest nonprofit membership association of certified cybersecurity professionals – the global IT security skills shortage has now passed four million.

The shortage of cyber security specialists is compounded by the rapid growth in cybercrime around the world. In 2016, Cybersecurity Ventures predicted that by 2021 cybercrime will cost $6 trillion annually, up by $3 trillion from 2015. This is expected to grow again by 2025, with cybercriminals finding new ways to access data every day.

Fuelling the growth of cybercrime is the increased use of cloud services by businesses around the world. Most businesses simply don’t have the storage and infrastructure to keep all their sensitive data in secure, data storage facilities on-site.

Couple this with a Bring Your Own Device (BYOD) culture, and it makes it extremely difficult for businesses to control and manage the services that people are connecting to via the business network. Internet of Things (IoT) connected devices such as wireless speakers, smart TVs and even home assistants all provide potential gateways to a company’s network. These types of devices are typically not kept up-to-date so security patches are not installed, increasing the vulnerability of the network.

Our increased reliance on services in the cloud and IoT connected devices means that cyber security measures are more important than ever. Whether it’s our own personal devices or devices we use at work, acknowledging the risk is the first step to combatting the threat of cyber attacks.

From individuals to large multi-nationals, no one is immune from the threats posed by cybercriminals today and whilst big businesses will often bring the biggest paydays, it’s the smaller businesses that are becoming a more common target due to a lack of protection and an attitude of, “it will never happen to me”.

Recently, Acer’s servers were breached for a second time and despite investing heavily in cyber security measures, they had more than 60 gigabytes of data stolen. This type of incident costs companies millions of dollars. Not only do they have to invest to “fix” up any holes in their cyber security, but they also lose the trust of their customers and this can be potentially further damaging to their long term reputation.

What should small businesses do to protect themselves?

If you are a small business owner, there are some basic steps you should carry out to secure your business network and protect anyone that connects to that network.

The first step, if you haven’t already, is to invest in a quality antivirus and anti-malware software programme. Packages from leading brands such as Kaspersky or McAfee will typically be scalable so as your business grows, your options to protect more devices will also grow.

Make sure you select a package that enables you to protect all the devices that connect to your network, including mobile phones, desktop and laptop computers. It’s also important to keep this software up-to-date and ensure you have a cybersecurity policy in place that requires staff to regularly update software installed on their devices.

Taking things to the next level, it also makes sense for businesses to invest in a VPN (Virtual Private Network) which will encrypt your network to ensure online privacy for all your users. A VPN masks your internet protocol (IP) address, making your online interactions almost untraceable and adding an extra layer of security on top of your antivirus and antimalware software.

VPNs can be deployed across all your devices and at the very minimum, they should be used by staff that work remotely and regularly connect to public Wi-FI networks.

Many antivirus programmes also come fitted with a firewall but if you don’t have one in place, it’s another cyber security measure to prioritise. A firewall can be installed on individual devices and can also be set up as a web application firewall (WAF) which acts as a reverse proxy, protecting your server from exposure.

What are businesses doing to counter cybercrime?

Large corporations are turning to technology in order to fill the shortage gap in the cyber security field. Big data, artificial intelligence (AI) and machine learning (ML) are all new technologies that are being used to identify and nullify the threat of cyber attacks. Whilst huamn input is still required, AI and ML can scan and analyse huge amounts of data, identifying anomalies that can then be quickly reviewed by cyber security specialists and the appropriate action taken. What would take an analyst hours can be done in minutes or even seconds by AI and ML and this is seen as the best way for businesses to combat the increasingly sophisticaed level of cyber attacks that are taking place today.

The online gaming industry is one that has had to invest heavily in cyber security measure due to the nature of their business. A 2018 study revealed cybercriminals staged 12 billion credential stuffing attacks against gaming sites in 17 months. From doxxing to active listening, there are several threats to be aware of if you are an online gamer including malware, account takeovers and active listening where a cybercriminal will use your active mic and camera to learn personal information.

Of course, many companies within the online gaming sector have invested in cybersecurity in order to combat these attacks and protect their players. Online casinos not only promote safer gambling, including ID checks to ensure no underage gamblers can access their site, but they also invest in cybersecurity methods in order to protect the personal data of gamers on their site.

Whilst cybercrime is not going away any time soon, businesses are fighting back and using the latest technology to maximise their cyber security defences, meeting sophistication with sophistication.