The truth is that you’re right in the firing line for cyber criminals: a recent Vodafone survey recorded attacks on SMEs increasing by 15% last year, with more than half being hit. That’s up from 39% in 2022. Meanwhile, a third (33%) saw the number of attempted cyber-attacks increase, with just 18% experiencing fewer attempts.
The Government, through the cyber security breaches survey for 2023, also noted increased attrition on the smaller operator, and as SMEs make up 99.9% of the UK business population, that’s a lot of nefarious cyber activity. Why are SMEs such a prime target? Surely the larger enterprises have deeper pockets and represent a more valuable target?
Computer says ‘no’
The answer is that SMEs are a target precisely because of their smaller scale, and because they represent a ‘way in’ to the larger operators. The major players are prepared for threats from external actors, but not for proxy attacks that arrive via smaller, ‘trusted source’ suppliers, who may unwittingly pass on malware or other digital infections under the radar of the corporate cyber protection regimes.
Smaller companies also represent a quick win in terms of vulnerability. As we’ve established, there are many SMEs, they’re easier to target and they’re unlikely to have dedicated resources for dealing with cybercrime. With the Vodafone survey putting the average cost-per-attack on SMEs at more than £3,000 per business, it’s a good day’s work for the attackers, and potentially the last day in operation for the victim.
Looking out for the little guy
The government piece suggests smaller enterprises simply don’t regard cyber security as today’s business priority. And that’s quite understandable.
Because, as this survey for electronics giant Sharp points out, the SME has endured multiple ‘once in a lifetime’ experiences in just five years. What with the pandemic, global supply chain issues, a disastrous mini-budget and more recent economic pressures related to war, how many challenges can one company overcome?
What’s your IT priority?
The Sharp findings noted that while companies were certainly planning to invest in IT, hardware upgrades and cloud migration were the strategic priorities at 33% and 31% respectively. While four out of 10 respondents recognised the existential threat of cybercrime, only one in 10 had a dedicated IT person to deal with it. That’s an IT generalist, not a security expert.
So, if you’re one of the 50% or so of SMEs identified as planning to spend more than £20,000 on IT this year, and you recognise that any investment should include cyber security, where should you invest those resources? Our Tips and Tricks can help. You’re welcome!
Tips & Tricks
1/ Don’t spend anything! The National Cyber Security Centre (NCSC) has plenty of free tools and advice, including this Small Business Guide and a check your cyber security tool.
2/ Do the basics. Patching plugs the gaps in your security software before hackers find and exploit them. This helpful blog by the NCSC explains why you should (and why it may be difficult).
3/ Consider the architecture of your security system. Does it make initial compromise or disruption of the system difficult, limit the damage and make detection easy?
4/ Exercise cybersecurity hygiene: train your employees to spot danger and minimise risk, remember to back up files, limit file access and use encryption. Oh, and deploy security software. Obviously.
5/ A virtual private network (VPN) is more secure than a public network. It’s an encrypted pathway between your devices and the wider Internet. It’s portable, too, as we covered in a previous blog.
6/ Take time to do the work. Whether it’s a patching exercise, backing up files, or researching the to-do list that keeps you safe, it’s quicker than trying to repair the damage after the event.
7/ Don’t assume anything. As we’ve discussed, it’s a false assumption that you’re not a target or too small to bother with. Just because you’ve not been hit doesn’t mean you won’t.
8/ Understand your vulnerabilities. The Open Worldwide Application Security Project (OWASP) is a non-profit framework for software developers. It’s a big list of software’s collective Achilles heel.
9/ Do something. Whether you’re going to do it yourself, hire someone new, or delegate the tasks internally, inaction is not an option. The clock is ticking.
10/ Talk to Sprint. Cyber Security may seem a lot of hassle, and it is. Many of our customers prefer to outsource the responsibility and ongoing security to the experts. That’s us. Let’s talk.