Cybersecurity is no Longer a Problem Small Businesses can Ignore
GUEST BLOG
For a small business, even the smallest of threats can prove fatal to its success. “Small businesses are not a hacker’s priority, they only go after big fish.” This is a misconception, and the past decade in the cyber world has clearly shown it to be untrue.
A lack of security makes SMEs an easy target. On average, a single breach can cost millions, depending on the level of severity. Small businesses naturally do not have the financial cushion to survive such a catastrophe, which is why they should be cyber aware. – (Harris Andrea)
Here are the 3 biggest threats SMEs and small business owners currently face in the world of information security.
1) Ransomware: Ransomware attacks are the most common type of cyber-attack experienced globally (one happens every 14 seconds). Here, the attacker gains access to your data (often through a phishing email) and holds it hostage until you pay a sum (ransom). Sadly, hackers love to target small businesses for two reasons. Firstly, they tend to have inadequate security. Secondly, they are far more likely to pay the ransom than larger multinational companies. An efficient antivirus solution can help prevent ransomware attacks.
Example case: WannaCry is a type of ransomware which was used to take the NHS in the UK offline in 2022. Conti ransomware was used to hack the HSE in Ireland in 2021.
2) Training & Awareness: A massive threat facing small businesses is the lack of awareness when it comes to information security. Businesses, no matter how big or small, require cybersecurity awareness and education at every level. Every employee should be trained to conduct their day-to-day operations in a safe and secure manner, in order to help protect the business. Without adequate information security training that is supported by senior management, small businesses run the risk of being compromised.
Example case: Without regular training, employees may not accurately detect the following:
• Phishing emails
• Phone scams
• Data breaches
• Policy breaches
• Security violations
3) Weak passwords: Sadly, many small businesses still rely on insecure and old-school authentication methods to access data. Small businesses have been found to ignore complexity, regular rotation and secure storage when it comes to password management. The use of two-factor authentication, multi-factor authentication and biometric authentication seems to be lacking among small businesses. This means a password-based attack is extremely likely to occur.
Example case: Where passwords are weak, such as “Today12345”, “Iloveyou” or “Password123”, a brute force, spray or dictionary attack by a hacker becomes more likely. Email accounts are often hacked through password attacks.
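The three passwords quoted above can be screened at the point where a user sets a password. The sketch below is an added example, not part of the original blog: it shows that two of the three satisfy a classic "upper case, lower case, digit" complexity rule and are only caught by checking the underlying word. The word list, the 12-character minimum and the two extra sample passwords are assumptions made for illustration.

```python
import re

# Constructed sample denylist (assumption); production systems should load a
# large breached-password corpus instead of a handful of words.
COMMON_BASES = {"password", "iloveyou", "today", "welcome", "qwerty", "letmein"}
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e", "$": "s", "5": "s"})
MIN_LENGTH = 12  # assumed policy value, not taken from the article


def meets_complexity(pw):
    """Classic rule: 8+ characters with upper case, lower case and a digit."""
    return (len(pw) >= 8 and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw) and any(c.isdigit() for c in pw))


def base_word(pw):
    """Drop the trailing digit/symbol run, then undo simple leetspeak."""
    stem = re.sub(r"[\d\W_]+$", "", pw)
    return stem.translate(LEET).lower()


def rejection_reason(pw):
    """Return why a candidate password is refused, or None if accepted."""
    if base_word(pw) in COMMON_BASES:
        return "common word with a predictable suffix"
    if len(pw) < MIN_LENGTH:
        return f"shorter than {MIN_LENGTH} characters"
    if len(set(pw.lower())) < 6:
        return "too few distinct characters"
    return None


def audit(candidates):
    """Map each candidate to (passes_complexity_rule, rejection_reason)."""
    return {pw: (meets_complexity(pw), rejection_reason(pw)) for pw in candidates}


if __name__ == "__main__":
    # The three examples quoted in the article plus two constructed ones.
    samples = ["Today12345", "Iloveyou", "Password123", "P@ssw0rd2024!",
               "copper-lantern-voyage-41"]
    for pw, (complex_ok, reason) in audit(samples).items():
        print(f"{pw!r:28} complexity={complex_ok!s:5} -> {reason or 'accepted'}")
```

A check like this belongs alongside multi-factor authentication, not in place of it.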
Conclusion
Small businesses are faced with an abundance of cyber threats, but instilling and enforcing a comprehensive security plan that is supported by senior leaders within the business is a helpful way to support their longevity and prosperity.
Niall Higgins is the Security Risk Manager for Huawei Technologies.
He is a Certified Cyber Risk Specialist (CCRS) and a Certified Ransomware Uncovered Specialist (RUSC).