It’s no secret that cyber attacks are on the increase. The rise of remote working is a key contributor to this, for three main reasons.
Firstly, when staff work from home, and especially when they work from their own devices, your network is only as secure as its weakest link. Consumer-grade devices like your staff’s home routers are easier to compromise than the business-grade equipment in your office. Allowing access to your core network through a VPN therefore reduces the overall integrity of your cyber security.
Secondly, the rapid shift to home working at the start of the pandemic forced many businesses to adopt cloud services without the time to perform due diligence. Since the start of the pandemic there have been several highly publicised breaches and vulnerabilities discovered in popular cloud services. Each new cloud service you deploy therefore increases your exposure to the risk of attack, presenting new avenues for hackers to gain entry to your network.
Thirdly, and perhaps most importantly, remote staff are naturally more isolated from your IT staff. Similarly, if you’re operating a BYOD (Bring Your Own Device) policy and your staff use their own devices to work, your central IT systems are also isolated from your users’ devices. This makes maintaining user training difficult, discourages users from reporting questionable attachments or suspect links, and reduces the effectiveness of your own cyber security measures.
You may be thinking “it’s been over a year since the first lockdown, if I haven’t been hacked yet, am I a target?” Well, we’ve written this blog to highlight the devastating impact of cyber attacks on small businesses, and why it’s always prudent to plan for the worst. We’ll also cover some simple and cost-effective steps you can take to protect your business against attack.
So how much could a cyber attack cost my business?
The simple answer is that any sophisticated cyber attack has the potential to destroy your business. The average cost of an attack to a small business is increasing; it’s now well over £1,000. This may not seem like a lot, but bear in mind that it doesn’t account for the loss of revenue due to downtime or the impact on your reputation among your clients.
The statistics bear this out; cyber attacks are a huge problem in today’s business world. As many as 43% of all cyber attacks target small businesses. Fewer than 15% of those businesses are in a position to adequately defend themselves.
Clearly the problem is deeper than a few high-profile attacks on public corporations. Indeed, more than half of all small businesses have been the victim of a breach in the last year.
While most breaches are relatively minor, or are thankfully caught before any major damage is caused, you never know when you could be targeted by a sophisticated and costly attack.
We all know about ransomware attacks, for example. The cost of dealing with ransomware often runs into the hundreds of thousands. As smaller businesses are the most common targets, a typical ransom demand is around £10,000.
Hackers can play all kinds of tricks with emails. Whether it’s a phishing scam that tricks users into entering payment details or other valuable information into a fraudulent website, or a sophisticated attack that gains control of your emails to rewrite payment details on outgoing emails, the cost of a vulnerability in your emails could be devastating.
How to protect yourself
The first step you need to take is to ensure that your network is as secure as it can be. Anti-virus software is a must, of course, but so is email protection. Fraudulent emails and related phishing scams are the most common causes of security breaches. Biscuit partner with ESET and Sophos, two of the most well-respected names in the industry, to provide anti-virus and anti-spam packages.
It takes businesses an average of 101 days to detect breaches. This indicates the increasing sophistication of hackers; if they find a vulnerability in your network, they will wait for the right time to exploit it. This highlights just how crucial regular virus and malware scans are.
Human error is one of the biggest threats to your security; 95% of cyber attacks are caused by human error. Fewer than 30% of businesses have instituted annual cyber security training. This can only mean that the gap between the skillsets of hackers and staff is getting wider. In many cases, this can mean that hackers are presented with relatively easy opportunities to circumvent your security systems.
While keeping your firewall, anti-virus and other cyber security tools up to date is crucial, we believe it’s equally important to train your staff to identify and safely deal with phishing attempts, questionable email attachments and malware. That’s why we offer our clients regular cyber security training sessions for all their staff. Our experts can ensure that your staff are all up to date with the latest guidance, and all know how to identify and report potential threats.
Do you want to find out more about Biscuit’s cyber security services? Give us a call on 01924 241 281 today.