There is a common myth that exists in the world of cyber security. This myth is that all cyber criminals and hackers are disgruntled teenagers, sitting in their dark bedrooms and hacking websites as a way to fight the power. This is simply not the case. In fact this stereotype can lead to people severely underestimating the threat of cyber-attacks and hacking.
In reality, cybercrime is a lot more sophisticated. It isn’t just lone hackers in hoodies, it is entire teams and operations. There is also a common assumption that the hackers who attack businesses have some form of grudge against them, or there is a specific reason why they are being targeted. This is also untrue much of the time. Cyber-criminals are indiscriminate, attacking any business with obvious vulnerabilities in their network.
At Biscuit, part of our role as a cyber-security manager is informing businesses who they may be at risk from. We believe it is simply a case of knowing your enemy. If you have a better understanding of who is attacking your business and why they are doing it, then you are in a better position to protect yourself. That’s why we’ve put together this blog detailing who cyber criminals really are.
Who is looking to attack your business?
Modern cyber-criminals are normally organised and working together in a network. These networks can be based in the UK but many operate abroad. Many take advantage of VPNs and other technology to access your networks remotely.
Depending on your industry, and whether your business is a leader in said industry, attacks may be sponsored by competition either at home or in competing nations such as Russia or China. State sponsored cyber-attacks have been on the rise in recent years and have targeted public service businesses, and even elections.
The majority of cyber-criminal organisations are tied into larger criminal enterprises. While elsewhere in Europe cyber-attacks have been linked to Mafias, here in the UK cyber-criminals have been closely linked to drugs smuggling and human trafficking. This demonstrates just how serious these crimes are. It also highlights just how important it is that your business’ money and data doesn’t fall into these criminals’ hands.
What are hackers hoping to gain from your business?
This might sound like a question with quite an obvious answer, money. But this can often be more complex, and can inform as to where criminals will attack your business.
Often cyber-criminals are looking to access sensitive data in order to ransom it back to you at an enormous markup. The average amount of the ransoms are over £1 million. Accessing this sensitive data is usually done through phishing attacks. This involves sending bogus emails, texts or calls to your staff in the hopes that they will give up company or customer data.
If criminals are taking a more direct route to accessing your finances then they may choose to simply hack your business. This may come in the form of a virus, or by simply brute forcing their way past your passwords through trial and error. These threats have the same goal, to access your capital. Understanding the variety of methods used to attack your business can help you to better prepare.
What are the consequences of cyber-attacks?
According to MoneySuperMarket, over 40% of businesses experienced a cyber-attack last year. This rises to a staggering 72% among larger enterprises. Many of these businesses thankfully had adequate cyber-security measures, whether from their inhouse team or from an outsourced service. Those that aren’t prepared can face some disastrous consequences.
Cyber-crime will cost in excess of $6 trillion globally this year, with the average attack costing £750,000 in the UK. Of course, this number is skewed higher by some of the enormous losses suffered in high profile cases, but small businesses also stand to lose thousands.
Even if you manage to pay off a cyber-criminal’s ransom or recover a portion of the money lost, the lost trust from customers is incredibly damaging. 60% of small companies close within 6 months of an attack. This startling statistic is only compounded by the fact that if a business is attacked once, it is more likely to be attacked again. This demonstrates just how important it is to stay protected.
During the pandemic, the priority of criminal syndicates shifted. While high profile attacks did happen, with notable victims including Apple and Facebook, many criminals focussed on vulnerable smaller businesses. The rise of home working meant that staff were more lax about security processes, and were using more insecure home devices. Putting new industries such as education and manufacturing severely at risk.
To find out more about how your team can stay safe, get in touch with our team here at Biscuit. Our cyber-security experts will be happy to provide training on the services and best practices that can keep you safe. Get in touch at 01924 241 281