CategoriesMember NewsSussex ShowcaseBCCBrexitCharity SectorConstructionCyber SecurityEducationFinancial & LegalFood and Beverage SectorHealth Wellbeing & LeisureIT InsightsInternational TradeInvestment In Young People AwardManufacturingPolicySales & Marketing InsightsTransport & Logistics SectorJob Vacancies
Small and medium sized businesses, can be extremely vulnerable to cyber security threats. In fact, you might be surprised just how common it is for small businesses to be breached – according to recent statistics, a small business in the UK is successfully attacked every 19 seconds. Part of the problem is the increasing number of ways that criminals are able to compromise companies. Here we take a look at five common cyber threats that SMEs need to be aware of.
1. Business email compromise (BEC) attacks
Business email compromise (BEC) is a sophisticated form of social engineering that is becoming increasingly prevalent.
In conducting a BEC attack, cyber criminals will attempt to compromise the email account of a senior company executive such as a CEO or CFO. They will then use this person’s identity to send messages requesting transfer of funds or payment of invoices to alternate bank accounts. Recent research has shown an 80 per cent increase in BEC attacks.
2. Third party exploitation
SMEs must now be mindful of the effectiveness of their own cyber security measures, but also those of their suppliers and partners. Attacks through the supply chain have become a common way for attackers to obtain a foothold.
One well known example of a supply chain compromise is the 2013 breach of American retail giant, Target. This was an enormous attack which resulted in personal and financial data relating to 70 million customers from being stolen, and ultimately cost the company in excess of $1 billion. It is thought to have been initiated through the company’s heating, ventilation and air conditioning (HVAC) contractor.
3. Cloud-based exploitation
It is important for SMEs to understand the cyber security risks associated with usage of cloud hosted networks and services. It is a mistake to believe that adoption of cloud services means that you don’t need to worry about cyber security.
However, this is not necessarily true. Take the Amazon Web Services Shared Responsibility Model, for instance, which makes it clear that customers are responsible for the cyber security of customer data, access management, system configuration and server-side encryption.
4. Software subversion
A recent trend has seen commercial software providers being used as conduit by cyber criminals to widely disseminate malicious code. For instance, by inserting malware into third party applications, criminals make it increasingly hard for compromises to be detected.
A major data breach at online ticket sales company Ticketmaster in 2018 is thought to have occurred after a third-party website plugin was infected with malware.
5. Fileless malware
Memory-resident malware (which is also known as fileless malware) is a type of malicious software that writes itself directly onto a computer’s system memory. While many forms of cyber security are able to notice and block malware through its signature, fileless malware does not have these sorts of identifying traits. It leaves very few signs of infection, making it difficult for traditional tools to identify.
Steps SMEs can take to mitigate the latest security risks
Mitigating the dangers of the latest cyber security risks requires a broad and multi-layered approach to security. By conducting regular security assessments such as penetration testing, business can begin to develop an improved understanding of their security posture and develop strategies to help mitigate the latest threats.
Businesses will also benefit from a more proactive approach to cyber security, advanced endpoint monitoring, for instance, can help to identify suspicious activity in real-time and help quickly respond to attacks capable of evading traditional security solutions such as firewalls and antivirus software.
If you run a small business and lack specialist security skills in-house, it’s advisable to seek outside support to ensure that any controls you implement will be effective for your needs.