UK Businesses Unprepared for Cyber Threats

January 4, 2017 Cyber Threats

Despite an increasing number of high-profile cyber attacks worldwide, UK businesses are still leaving themselves vulnerable to hackers and cyber threats according to new figures.

A new report published by Advanced, the UK’s third largest software and services provider, found that a quarter of companies were not taking adequate steps to improve cyber security.

Moreover, a survey of internet security professionals has found confidence in the country’s ability to stave off serious cyber threats had plummeted in the past year. Just over half of the IT security experts surveyed in the UK believe risks from cyber crime are being adequately assessed, down 14 per cent from last year.

This comes after the government earlier this year published figures showing that cyber attacks were costing the UK economy £27bn each year.

New Year, New Cyber Threats

Part of the problem facing businesses is the ever changing nature of the threat posed by cyber criminals.

A recent attack which knocked out broadband access for half a million TalkTalk and Post Office customers was a high profile example of a strategy expected to be used more and more by hackers. By stealing WiFi passwords, cyber criminals are able to hijack routers to spread malware.

Another sinister threat this poses is giving hackers the opportunity to write malware directly onto a computer’s RAM, without using any carrier files, making it incredibly hard to detect and remove.

Many businesses and consumers never change their WiFi router key from the one supplied by their IP provider, making it easy for hackers to steal access details from a single database.

In another development, access to compromised web servers and new automated turnkey technology has lead to hackers setting themselves up to provide ‘Phishing-as-a-Service’ – offering to run so-called phishing email scams at low cost as a third party provider. This has apparently led to a spike in the profitability of phishing, and the threat can be expected to increase accordingly.

Make Your Resolution

All of this can sound daunting – but without understanding the scale of the threats out there, businesses will continue leaving themselves exposed.

The first step to better protection to make as part of your company’s New Year’s Resolutions is to update, or create, your digital security policy. Working with a formal policy helps you to review and understand risks, respond proactively and plan what to do in the event of a security breach.

As a starting point, approach your cyber security policy with the following three areas in mind:

  • Systems: This covers everything in your network, from WiFi and VOIP telephones to email and social media. List everything, and consider potential weak points – are people using their own mobile devices on business WiFi networks? Are they secure? When were your firewall settings last checked? What controls do you have on opening SPAM and suspicious emails? How is your data stored, protected and backed up – especially any data belonging to suppliers, clients customers?
  • Devices: It can be easy to forget to configure new devices to a broader IT security system, especially if staff use their own mobile phones or laptops in work. Conversely, are people using work devices at home, and how are you managing security there? A virus which lands through unsecure home broadband can easily wreak havoc when that device is reconnected to your works system.
  • Users: How people use technology – whether it be taking care with odd looking emails, setting their own devices up safely in the office, or following protocols for data handling and protection – is the single biggest factor in protecting against cyber crime. Companies which hire a trained IT specialist to manage the malware and think they are safe are the ones which get found out. It only takes one person to open one scam email to launch a phishing attack or download malware, so invest in educating your staff to protect your business.