Business Info - issue 149 magazine 32 CYBER SECURITY The year’s big cyber threats and how to avoid them The pressure of remote working during the pandemic has made cyber security harder to manage for businesses of all sizes. Many small business owners who adopted new applications and cloud services and introduced or extended their use of Virtual Private Network access over the last two years are now continuing to work remotely or adopting hybrid working patterns, so it is critical their cybersecurity processes are in place and strengthened. Know your enemy Before I highlight the top threats facing small businesses and what steps you can take to mitigate risk, it’s important to present a picture of ‘the enemy’. Banish the stereotype of a hacker or cybercriminal that you may have seen on memes or on social media, that of a twenty-something man in a hoodie, hunched over a computer in an attic. Cybercrime and fraud are big business and one of the fastest-growing sectors in the UK. While criminal operations are well funded and have access to advanced technology to help them automate, accelerate and escalate their attacks, there are also individuals turning to cybercrime as an alternative to other sources of illicit income, such as drug dealing.With kits and tools widely available, it’s easy for these ‘Day Scammers’ to get up and running – and these operators are more likely to target small businesses and individuals. They could even be lurking within your own company. To avoid being caught on the backfoot, businesses should think more like a poacher than a gamekeeper and understand how an attacker exposes vulnerabilities and why. Financial gain remains the primary motivation, but reputation and status Small businesses are prime targets for today’s cybercriminals. In 2021, 39% of small businesses and 65% of medium-sized businesses reported breaches or attacks to their systems, according to research from the Department of Digital, Culture, Media and Sport. You may think your business will be one of the lucky ones or that it is too small to interest cybercriminals, compared to the public sector organisations and global corporations that make the headlines, but statistics show the dangers of this approach. Figures published by Hiscox, the business insurer, reveal that small businesses are the target of 65,000 attempted cyber-attacks every day. And while most attempts fail, a small business in the UK is successfully hacked every 19 seconds. In its recent Cyber Readiness Report 2021, one in six businesses admitted they ‘almost went under’. Statistics from the UK Government’s Cyber Security Breaches Survey reveal that the average cost of all cyber breaches for businesses is £8,460. Cybercrime isn’t simply a technological inconvenience; it has the potential to cause financial and reputational damage. are also drivers. Just as high-profile figures and celebrities seek column inches in the media to raise their profile, so cybercriminals look to gain credibility and kudos through their acquisition of data, which they then trade on the Dark Web to build their ‘star’ status. Growing threats So what are some of the threats that businesses need to be aware of in 2022? n The DarkWeb. There is still a mystique about the DarkWeb and outdated perceptions about what goes on in this murky digital world – that it is simply a marketplace for guns, drugs and pornography. In fact, customer and company data, personal profiling information and passwords are becoming highly sought-after goods on DarkWeb forums. n Double-dipping ransomware. Beware of double-dipping ransomware attacks where hackers threaten businesses with exposing data on the DarkWeb if financial demands aren’t met. Businesses that do pay up might still find that their data is sold or shared regardless of their payment, and any business that has paid up is more likely to be a future target. Strong data encryption is no defence here either, as criminals are prepared to play the long game. Some gamble that advances in quantum computing will help them extract data at some point in the future in a ‘steal now, hack later’ approach. n Typosquatting. Malicious domains and ‘typosquatting’ techniques are on the rise. In these attacks, cybercriminals use malicious URLs to trick consumers into believing they’re in contact with a genuine brand or organisation before stealing their data, infecting them with malware or convincing them to buy fake goods and services. They register a name that looks similar to a genuine brand, with a small change that could be as Jeremy Hendy, CEO of Skurio, the digital risk protection specialist, highlights the cyber threats facing small businesses and outlines the steps they should take to mitigate risk Jeremy Hendy