According to the RAS, only 9% of UK SMEs have an IT security strategy in place to protect them from IT security threats in 2017. The majority of UK SMEs believe they don’t have a large enough budget or enough human resources to invest in an IT security strategy.
Unfortunately, the potential impacts of neglecting IT security can be catastrophic for an SME. Despite last year’s high-profile security breaches at the likes of Yahoo! and Dropbox, many SMEs take an “it won’t happen to me” stance. This is a dangerous attitude to hold; last year a Blackburn-based SME was the victim of a surprise ransomware attack. The company had over 12,000 crucial data files encrypted and had to pay hackers more than £3000 to have their files decrypted.
Hackers are aware that many SMEs have weaker IT security defences than large-scale corporations and are beginning to take advantage of the “it won’t happen to me” attitude that many SMEs hold. Consequently, more and more hackers are beginning to focus their attention on small businesses. Here are the largest IT threats to SMEs you need to look out for this year.
The 4 Biggest IT security threats in 2017
Ransomware is a type of malicious software often hidden in links sent via phishing emails. Opening the infected link will encrypt all the data on the SME’s network. The data will remain encrypted until the victim pays an agreed ransom to the perpetrator of the attack. This type of cyber-attack is being carried out more frequently on SMEs, as seen in the case of the Blackburn-based firm we mentioned earlier.
CEO fraud is committed when an attacker spoofs an email, posing as the CEO of an enterprise. The perpetrator will often use personal details about senior staff members to make these emails believable to other employees. The emails are aimed at employees with financial authority within the company and request payments to be made to dummy corporations. The FBI estimated CEO scams have cost organizations more than £1.8 billion in the last three years.
A Distributed Denial of Service (DDoS) attack involves an attacker compromising tens of thousands of computers and then using these computers to flood the intended victim’s server. This gives the attacker the power to take down a victim’s website. These types of attacks have become more frequent on SMEs because the perpetrator can take down a website during critical time periods. Last year, thousands of flower shops received ransom notes the morning before Valentine’s Day; the ransom notes demanded £1000, or else the attackers would take down their websites on their busiest business day of the year.
Human error encompasses IT security breaches that are the fault of an employee. Examples of human error include walking out of the building with an unencrypted laptop or not disposing of sensitive data correctly. These seemingly harmless actions can have devastating consequences for an SME.
What the EU’s 2018 General Data Protection Regulation means for you
The implementation of the EU’s ‘General Data Protection Regulation’ in 2018 will lead to further consequences for your business in the event of an IT security breach. The new regulation states that companies will be fined up to 4% of their annual turnover if they allow a security breach that compromises their customers’ data. This new law means that your business will have to prepare for a further financial hit on top of the initial lost revenue and damaged reputation.
What can you do?
At Southbank-IT we offer a range of IT security consultancy services. Our services include strategic advice and solutions to enhance IT systems and ensure clients are less susceptible to IT security threats in 2017. To find out more, click here or