Small businesses see a huge rise in cyber-attacks
Almost three quarters of SMEs in the UK reported experiencing a security breach over the past year, according to the latest Government Security Breaches Survey.
This represented a major increase in cyber-crime over the previous two years and could represent a sea-change, as cyber-criminals increasingly target SMEs who tend to have fewer defences in place.
According to the latest figures from digital security firm Symantec, more than half of ‘spear phishing’ attacks carried out in December last year were targeted at SMEs. Spear phishing involves using an email that purports to be from an individual or organisation known to the recipient. It could even be disguised as an email from another individual, typically one higher up than the recipient, within the same organisation. Clicking a link or downloading an attachment could result in malware being spread to the system, which could have a variety of unwanted effects, such as spreading a virus or installing spyware that could be used to retrieve sensitive information.
Cyber security should be a pressing issue for businesses of every size. As well as the costs of repairing any damage done by an individual attack, companies could also suffer from damage to their reputation and potential fines if they are found to have breached data protection rules.
The EU’s new General Data Protection Regulation comes into force in 2018 and could see companies who put customers’ data at risk hit with fines of up to €20m (c. £15.5m) or 4% of their annual turnover, whichever is greater. Along with the other costs associated with an attack, this could leave some businesses in need of corporate recovery measures.
Despite the risks, there’s evidence that many SMEs do not consider themselves to be targets when it comes to cyber-crime. A recent study by insurers Aviva found that nearly half (44%) of SMEs did not consider it likely that they would be a target for cyber-criminals. Almost a quarter (23%) said they were worried but did not know what to do about it while 8% had not considered the risk at all.
By Phil Smith