Prevention is always better than cure in the cybercrime surge against SME’s.5 minute read
Small businesses in the UK collectively suffer close to 10,000 cyber-attacks daily – at an annual estimated cost of £4.5 billion.1
A shocking statistic which also reveals the average financial impact on each individual business is around £1,300.
But what’s equally alarming is the number of SMEs that aren’t properly armed against the threat of cybercrime when it comes to security measures and awareness.
According to the Federation of Self Employed & Small Businesses, one in three small firms owned up to not installing security software in past two years, four in 10 don’t regularly update software and a similar number don’t back up IT systems and data.1
Just because SME attacks don’t hit the headlines like they do for their global cousins, it doesn’t mean they’re any less devastating.
The fact large companies have more stringent and costly cyber security measures often makes smaller businesses a more appealing target.
Cybercrime isn’t going anywhere, in fact it’s a constantly evolving and growing danger to businesses worldwide.
Sophisticated and devious.
From fraud to hacking and data breaches, methods are becoming more sophisticated, more available to those less technically proficient and more widespread.
With a rapidly growing reliance on websites and web applications for customer interactions, it’s important to understand the risks and processes required to keep your online presence safe and secure.
Fraudsters will continue to exploit any opportunity and their deviousness shows no bounds – the government were forced to issue an alert to charities this year following a surge in reported coronavirus related scams.2
With many firms already facing a challenging climate, the cost and consequences of cybercrime is almost unthinkable.
But the good news is, attacks are preventable.
Knowledge is power and awareness is essential – not just for business owners but for employees as well.
And with the right systems in place, businesses like yours can defend themselves from the threat of attack and stay one-step ahead of cybercriminal plots to financially devastate and disrupt.
And there’s more good news.
The cost of the robust systems, processes and guidelines required to fend off threats is minimal compared to the disruption of any likely breaches.
Attacks to look out for:
Before we look at some of the solutions let’s delve into the realm of the cybercriminal to unearth some of the most common attacks and how they can wreak havoc within your business operations.
- Malicious POST requests
POST requests send data to your server – whether it’s leaving a comment, posting a tweet, or sharing content, the browser sends your content and data – that’s just how the web works. But because on a typical server there’s no limit to how many POST requests it can receive, cyber attackers can run scripts that make endless illicit POST requests which ultimately gobbles server resources and bandwidth. It results in slow response times or crashes the server completely, often allowing attackers to expose vulnerabilities which they can exploit.
- DDoS attacks (Distributed Denial of Service)
These are multi-machine attacks which unify to target a single host and are used to disrupt regular web traffic and take a site offline. The attack overloads the host’s server forcing it to crash which in turn brings down your website, network or applications. It’s often used as a distraction technique for cyber criminals to ‘break in’ while a business or organisation focusses on restoring its site or as an act of revenge for whatever reason.
- Brute force attempts
A ‘simple’ tactic employed by hackers to discover passwords. A bit like trying every key on the keyring until you find one that unlocks the door, they’re armed with an extensive list of login credentials such as used or real user usernames and passwords and will submit combinations in the hope of guessing correctly to gain access to a system.
- Cross Site Scripting (XSS)
XSS is a security vulnerability often found in web applications. By injecting malicious code into a vulnerable application, it targets unsuspecting users via trusted web pages and can steal cookies containing sensitive information and monitor activity leading to data breaches including credentials.
- Directory traversal
Also known as file path traversal, this is a web security vulnerability which allows an attacker to access restricted directories and read files on an application’s server exposing code, data and back-end system credentials. In a worst-case scenario, they may be able to take full control of the server.
All the above sound nasty and they are. If not properly managed.
As well as financial consequences there can be reputational repercussions for those who fall victim.
Going back to basics is the way forward.
There are several basic ways for businesses to help minimise risk:
• Use strong passwords to fend off brute force attacks.
• Enable Two-Factor Authentication to help bat off potential bot attacks. This adds an additional layer of security which should send those pesky username site searchers packing.
• Update your software frequently. Outdated software is often the main reason sites get hacked.
• Ensure you have a robust system in place to back up all your critical data. Whether it’s due to cybercrime or human error, the loss of data can be crippling to a business.
• Run regular security tests to scan for malware and changes made on your site. Forewarned is forearmed and prompts you to act on suspicious activity and lock down any vulnerabilities.
• Educate employees when it comes to cyber security threats such as email phishing scams. Human error is said to account for 88% of data breaches in the UK3 so it makes sense to invest in cyber security training for your workforce.
Cornerstone’s prevention patrol.
We get all this cybercrime stuff sounds chilling, daunting even.
But we’re not phased, and neither should you be.
Cornerstone has been the first line of defence for many of its clients for many years.
Our web development and digital teams have extensive knowledge and experience in cyber security.
We provide cost-effective, peace of mind web maintenance plans which ensure the latest security patches are in place to keep client sites safe and secure at all times.
From regular software, malware and security checks to bug fixes and site audits, we oversee all areas of your website’s safety and functionality for one affordable monthly cost.
Contact us now to find out more about our web maintenance plans here.
It’s also a service we provide through our marketing retainers.
But if you don’t have this high level of support and you’d like to find out more about how we can help to protect you against the perils of cybercrime, we more than happy to offer advice and assistance.
Feel free to get in touch via email firstname.lastname@example.org or call us on 0161 213 9941.
Gill has been a journalist for way longer than she cares – or dares to remember. Formerly a news reporter, feature writer and beauty columnist working for newspapers across Greater Manchester, the switch flicked, the light came on and she headed straight for PR. Gill works across a number of sectors including health, pharma, leisure […]Find out more about us