Companies across the UK could be leaving themselves open to cyber attacks, reports TechWeek Europe, with half of businesses vulnerable to being hacked in less than 30 minutes. This is the alarming assessment of data security specialist Walter Rossi, who has warned that the majority of businesses are simply not prepared for cyber security attacks and are don’t have adequate measures in place to guard against them.
Rossi’s observations come as ‘cyber extortion’ attacks occur with increasing frequency. For example, hackers may disrupt a company’s online services or website and then issue a ransom demand to release the files or site. Known as ‘Distributed Denial of Service’ (DDoS), this is a common hacking technique whereby hackers paralyse a business’s system by overloading it with traffic. Some hackers may secretly obtain information such as commercially sensitive data or bank details.
“Attacks on SMEs are remarkably common as their security tends to be less sophisticated, making them easy prey,” says Rossi, who works for IT service provider Daisy Group. Such attacks are usually carried out by people aiming to steal data, blackmail them, or use their relationship with larger organisations to gain a ‘back door’ into bigger companies, he believes.
“There’s no perfect solution and even companies with the most advanced systems can fall victim to hackers,” he says. His advice is that small businesses should consider investing in an up-to-date, multi-layered security system built to withstand viruses and DDoS attacks, and alert users to any breaches.
Rossi also advises asking staff to change their passwords at least once every three months, using a combination of letters and numbers.
Investing in security systems and new processes may be costly and place more demands on staff, however, if businesses fail to adopt these technologies and behaviours, they could be exposing themselves to untold damage. They may need to invest thousands to repair their systems and stand to lose much more if their business is used to access customer and supplier information.
Help available for SMEs includes the ‘Cyber Essentials’ certification scheme designed by the UK government. Businesses that comply with the scheme can display its logo, helping stakeholders to understand whether the company has implemented basic cyber security measures.