Understanding cyber threats
The cybersecurity landscape is always evolving. Cybercriminals continue to seek out new ways to exploit vulnerabilities, whilst security specialists release new patches and protocols to counter or mitigate such cyber threats.
It is possible to home in on several key factors that are contributing to the increased threat level facing SMBs.
The three areas of concern are:
- Workplace trends inadvertently create new risks
- Risks caused by poor or outdated cybersecurity practice
- Inaction and complacency are increasing the risks
Workplace trends are creating new risks
Bring Your Own Device (BYOD)
As of 2017, the average employee uses 2.3 devices (smartphones, laptops, desktop computers etc.) to complete their work; 14% of the workforce reportedly use six devices or more.
BYOD policies have helped companies reduce equipment costs and meet employees’ desires for flexible working. However, each additional device introduces a security threat if not managed sufficiently. 46%⁸ of businesses are exposed because of mismanaged BYOD policies. And yet, many SMBs implement no policy whatsoever.
The danger arises because smartphones and tablets used for work tend to be less secure than their desktop counterparts, chiefly in terms of pre-installed security software. Hackers are aware of this and purposefully target these vulnerabilities, sometimes by using specific malware tailored for mobile devices.
Employees want to be able to work from home, to collaborate on documents during their commute, and to have access to company files when out in the field. Meeting these expectations involves deploying technology such as smart devices, collaboration tools and cloud infrastructure.
From a cybersecurity point of view, the move to flexible working brings up several issues. Businesses have little control over which networks their employees are accessing out of the office. Vulnerable networks in public places are often targeted by cybercriminals, especially coffee shops and hotels. From here, hackers can access a worker’s phone or laptop, and company data and systems are immediately compromised.
Internet of Things (IoT)
The continued rise of the internet of things (IoT) poses a problem to many SMBs. From factory floors to office kitchenettes, IoT devices have begun to make important contributions to UK workplaces. Be they smart thermostats improving energy consumption or heavy machinery that can predict and prevent accidents from happening, IoT is making a difference in a big way in many SMBs.
However, many IoT devices are vulnerable to cybercrime. The default security settings on many of these smart devices and machines are either rudimentary or non-existent, resulting in a scenario where millions of devices in offices, warehouses and factories become an easy target for hackers. Hackers find it much easier to gain access to these, for instance by connecting to and overriding the devices using the default factory login details.
Risks are caused by poor cybersecurity practice
One of the most common causes of data breaches and cyberattacks should be the easiest to prevent − weak passwords. We all know about it, yet so many people still use weak and vulnerable passwords, either out of convenience, complacency or laziness.
The problem is convincing all your employees to update their password to something more secure. Passwords are case sensitive and can contain up to 127 characters. A good rule of thumb is to:
- use more than six characters
- use a special character (e.g. @, %, #)
- never use your name, user name, date of birth etc.
This might seem like basic advice − and, in many ways, it is. But it is important, because weak passwords give cybercriminals easy access to our devices, data and networks.
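The rule of thumb above can be checked automatically whenever a password is set or changed. The following Python check is an added example, not code from the original article; the substitution table, the date-of-birth formats and the three-letter minimum for name parts are assumptions made for illustration.

```python
import re
from datetime import date

MIN_LEN, MAX_LEN = 7, 127   # "more than six characters", "up to 127 characters"
# Assumed table of common character substitutions (not from the article).
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "$": "s", "5": "s"})

def dob_variants(dob):
    """Digit strings a date of birth commonly takes inside a password."""
    d, m, y = f"{dob.day:02d}", f"{dob.month:02d}", f"{dob.year:04d}"
    return {d + m + y, m + d + y, y + m + d, d + m + y[2:], m + d + y[2:], y}

def personal_tokens(full_name, username):
    """Name parts and user name, lower-cased; very short parts are ignored."""
    parts = re.split(r"[^a-z]+", full_name.lower()) + [username.lower()]
    return {p for p in parts if len(p) >= 3}

def check_password(password, full_name, username, dob):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LEN:
        problems.append("too short")
    if len(password) > MAX_LEN:
        problems.append("too long")
    if not any(not c.isalnum() and not c.isspace() for c in password):
        problems.append("no special character")
    # Compare case-insensitively, as typed and with common substitutions undone.
    lowered = password.lower()
    candidates = (lowered, lowered.translate(LEET))
    tokens = personal_tokens(full_name, username)
    if any(tok in cand for tok in tokens for cand in candidates):
        problems.append("contains name or user name")
    # Drop date separators so 14/03/1985 and 14-03-85 are both caught.
    digits = re.sub(r"[\s./-]", "", password)
    if any(v in digits for v in dob_variants(dob)):
        problems.append("contains date of birth")
    return problems

# Constructed sample user and passwords, for illustration only.
USER = ("Alice Smith", "asmith", date(1985, 3, 14))
SAMPLES = ["abc12", "Alice#1985", "@l1ce-rocks", "pw14/03/85!", "Tr0ub4dor&plant"]

if __name__ == "__main__":
    for pw in SAMPLES:
        print(f"{pw!r}: {check_password(pw, *USER) or 'ok'}")
```

A check like this belongs in the password-change flow, where it can reject a weak choice before it is ever stored.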
Old operating systems
When the WannaCry attack occurred back in May, it was widely reported in the media that many NHS workers were running an outdated version of Windows, Windows XP. Microsoft had stopped supporting the service back in April 2014. Since then, organisations that had been using it were highly vulnerable to cyberattacks, because Microsoft had stopped releasing updates and patches to protect them.
When there is news of a new threat, all the large software companies − Microsoft, IBM, Cisco etc. − will release specific updates, known as patches, to counter these threats. Also, when these large companies or ‘ethical hackers’ discover new threats themselves and report them, they create and release patches for them too.
It is much easier for hackers to find and target vulnerabilities within these old operating systems that lack any protection against the latest threats. That is why it is always important to download patches and install the latest versions of the software that you use.
Inaction and complacency are a risk too
Many business owners continue to avoid taking the necessary action to protect their business from future cyberattacks – either because they think it can wait until later or because they don’t think it is a business priority. Unfortunately, the statistics would indicate this is a risky approach.
Ciaran Martin, CEO of the National Cyber Security Centre, frames the notion of becoming cyber-secure as a positive:
“UK businesses must treat cyber security as a top priority if they want to take advantage of the opportunities offered by the UK’s vibrant digital economy.”
The future of all business will involve digital to a greater or lesser extent. Consumers are going to be looking for businesses they can trust with data. Making cybersecurity a priority will be seen by your customers as a positive step, as proof that you have their best interests at heart.