Did We Make It Easy for Hackers in 2018?

18 December 2018 by Jenn Granger

While it’s easy to think that your small business is exempt from the wrath of a cyber-attacker, with only the larger organisations seeming to suffer highly damaging attacks, this stat is a reminder that all businesses are a target.

In a recent UKFast webinar, our experts discussed the five top flaws in businesses’ cybersecurity that lead to cyber-scandals.

Who are our experts?

  • Noha Amin, Information Security Awareness Manager at TalkTalk
  • Annabelle Gold-Caution, Technology and Privacy Lawyer at Fieldfisher
  • Paul Mason, IT Security, Education and Training Specialist at Secarma

What did they discuss?

1. Insider threats

Employees are your first line of defence against cyber-attacks, but they can also be your biggest weakness.

Phishing attacks are one of the biggest threats to businesses with untrained workforces – a single phishing email can bring down an organisation if vital data is compromised as a result.

Noha recommended the ‘practice makes perfect’ approach to tackling the problem.

She said: “Businesses must introduce phishing campaigns into their cybersecurity training. Fake phishing emails can be circulated to employees to build awareness, so that people learn how to identify these types of email and can report them to prevent this kind of attack affecting your business.”

2. IoT and connected devices

Paul said that he’s seen a growing volume of attacks linked to IoT and connected devices, whose insecure nature opens up a myriad of vulnerabilities in business networks when they are connected without a good device policy. The start of the New Year in particular is going to be a high-risk time for those who allow devices to be connected to their corporate network.

Paul said: “Quite often on Christmas day I turn on threat-mapping software and watch the map of the world light up as the number of attacks spikes. People get their shiny new devices, which have not been updated and are very vulnerable to attack, and they don’t think twice about connecting these to their home or work networks. It’s a perfect time of year for attackers.”

3. Neglected networks

If Facebook’s two humongous data breaches of 2018 haven’t already scared you into checking your network with a fine-tooth comb, we don’t know what will. Out-of-date, unpatched and untested software is full of vulnerabilities just waiting to be exploited by cybercriminals.

Annabelle said: “A lot of cyber-attackers are very opportunistic. So, while small businesses may not be the sole target of a malicious attack, if their digital vulnerabilities are detected when cybercriminals are scanning for networks to exploit, then they are likely to be attacked because they are then an easy target.”

Using up-to-date systems, hardware and software is critical to making sure attackers don’t take advantage of your network. Apply security patches as soon as possible and always check the manufacturer of the hardware to see if they have published security updates, as not all security patches will be distributed by the vendor.

4. No cybersecurity strategy

Cybersecurity strategies have become an essential part of business frameworks, but there are still so many firms operating without them.

Noha said: “There should be strong frameworks and policies in place that ensure the team as a whole is responsible for being secure – it’s not just the job of your data protection officer.

“Most importantly, once these are in place they need to be tested and maintained.”

As the old saying goes, failing to prepare is preparing to fail. Knowing your network, what data you have, the risks to your business, how to mitigate these and what to do in the event of an attack are key factors included in your cybersecurity strategy that must be identified and planned for to protect your business.

5. Complacent attitudes

Paul pointed out, after contacting the Information Commissioner’s Office (ICO) himself, that it is the businesses that fail to do anything to prepare for an attack that will feel the blow of GDPR fines the most.

He said: “The ICO understands that attacks and breaches will happen, because every business will suffer one at some point, but if your business has failed to do anything at all to mitigate the risks then you will be hit with the harsher consequences.”

At the end of the day, cyber-attacks and data breaches aren’t going anywhere anytime soon, so we must protect businesses and stop making it so easy for cybercriminals going into 2019.

To hear more from our expert panel, watch the ‘2018’s Biggest Breaches and Attacks’ webinar on demand now, for FREE.