Posted: Monday, December 16, 2019
Unfortunately, it’s a sad fact that smaller companies are more likely to fall victim to cyber criminals than larger ones. You may think that because you don’t have a high turnover or a prominent public profile, you can escape detection by cyber criminals, but don’t be fooled. Criminals know that larger companies have significant security resources, which makes circumventing their defenses much harder, and this challenge often acts as a deterrent.
If they do manage to break in, the payback may be substantial, but so is the risk. Spending three months trying to hack into an organization takes significant investment from a hacker, and the risk of detection grows each day. A large company is far more likely to report a breach to the authorities and try to recover its lost data or money.
Often it is easier to target 50 small companies, where the risk of detection is minimal. These small companies won’t have the skills or the resources to put complex defenses in place, and 50 small targets can often be more valuable than one large one.
I often hear “well, the hacker will get in anyway, won’t they? So why bother spending all this money when it won’t do any good!” A well-resourced hacker or sovereign state with limitless resources will indeed get in, but this is not what you are trying to defend against. Making your company less palatable is the goal you want to achieve.
Most hacks, like thefts, are opportunistic. The hacker will scan thousands of IP addresses until they find a vulnerable one and then exploit it. They may even be in your system for months or years, gathering information before you are aware of it. On average, it takes 177 days for a break-in to be detected, and for every threat that is detected quickly, there are far more that are not. Your company could have been breached in January and you may not even be aware yet!
So, what can you do?
Well, you wouldn’t leave your car unlocked in the street, would you? Yes, we all know that if someone wants to steal it, they will. You lock it to deter the opportunistic thief, and that is what you need to do with your IT systems.
If you’re not a cyber security expert, where do you start?
Luckily, you don’t have to be an expert to make a difference. Schemes such as Cyber Essentials and Cyber Essentials Plus address the most common themes. Think of these as mini-audits of your IT systems against the most common ways hackers get in. If you carry out a Cyber Essentials certification, you will address 80% of the most common vulnerabilities in IT systems today. This may not be 100% foolproof, but it goes a long way in helping you to deter that opportunistic hacker, encouraging them to move on to the next, easier target: the next car in the street.
So lock your car – show clients and hackers that your company takes information security seriously. Complete Cyber Essentials/Essentials Plus and help to secure your IT systems from attack.
We’ve written a short guide to help you better understand Cyber Essentials Certification and how it can benefit your organisation.