Earlier this month, ten businesses in Guernsey were hit by ransomware. Employees opened emails, files became encrypted and hackers demanded payment to unlock them. Someone tried to pay the ransom but found that the price had increased from £400 to £1000 within 24 hours.
Cybercrime makes up 44% of Britain’s economic crime and that figure is rising rapidly, up from 20% last year. According to the accountancy firm PwC, 55% of UK businesses have experienced economic crime in the last two years which is higher than the global average of 36%. The government has pledged £860m to help businesses become better prepared to tackle cybercrime.
News stories about new cyber-attacks on major businesses are becoming much more commonplace with high profile cases like Sony, Ashley Madison and TalkTalk. It’s becoming expected but what about small businesses?
The dangers SMEs face
Many people, including small businesses owners have a tendency to believe that they are safe from hacking. After all, why would anyone bother hacking a small company when they go after one that will have a much bigger return? Large companies with lots of clients and cash flow know that any hacker would love to get their hands on their details. They invest in security because they have the resources to do so.
Hackers know this very well and have instead turned their attention to another target, the small business. While the return for them will be much lower, it is also more likely to be made in the first place. If a hacker cannot get into the system of a large company it doesn’t matter how much money they would have made. If a hacker attacks several small companies, they will be able to more quickly and with more success.
Small businesses are less likely to be able to invest in the proper security for their systems. They are also less likely to have a dedicated IT department who could potentially deal with threats. Because of this, the security is often neglected. Some businesses have been attacked without any of the employees being aware of it. By the time the hackers manage to cause damage, it’s too late to do anything about it.
Another reason small businesses are targeted is because they often do business with larger firms. Targeting the smaller business is an easier way of getting through to the larger firm by stealing confidential information passed between them. The clients or partners of the large company are seen as the weak point that hackers can target.
Hackers may use either or both of the following:
Ransomware
One of the popular methods that hackers use is to ransom business information. Like the cases in Guernsey, a hacker will spread a virus through the system which encrypts important files. They will then contact the business and demand a large sum of money in exchange for decrypting the information. Many companies decide that they have no choice but to pay the ransom because they have no way of getting rid of the threat without losing data. However, they sometime find that the fee to unlock the information increases the more the hacker realises that they can squeeze more money out of the business.
Spear Phishing
Unlike general phishing which sends out emails to large amounts of people, spear phishing targets specific people in businesses. Phishing emails are sent disguised as legitimate emails from another company or a colleague so that an employee will open them without suspicion and do what the emails asks. People who have access to the company bank account are often targeted and the hacker may take passwords to gain entry into company accounts or customers’ data.
Who is to blame?
Though hackers are to blame for the crimes themselves, some responsibility now has to extend to the companies they target because of how much information is available to us and the damage that can be done if a company neglects its security. Companies have a responsibility to protect the customers and their employees.
New EU regulations are concerned with protecting customer data. The General Data Protection Regulation, which will come into place in 2018, will result in companies being fined either €20m or 4% of their turnover for allowing security breaches to compromise confidential customer data.
Businesses big or small should be educating themselves and their employees about the dangers of cybercrime. Hacking usually requires the employees to do something like clicking on links and education can help to decrease the chances of it happening to your business.
Leave a Reply