Updated February 2019
Cyber security is becoming an increasing concern for SMEs as more and more business functions are moving to the cloud. It is no longer just managing and storing customer information that pose a security risk – the increased connectivity of employees, clients and partners opens businesses up to new threats. Here are the top three risks for SMEs to look out for in 2017
1. Internal Threats
Hackers have grown increasingly inventive and persistent over the years when it comes to targeting companies from the inside. Whether an employee is compromised indirectly by having their credentials hacked or stolen, or by coercion with offers or threats they wouldn’t want to reveal to their employer, the human aspect of a data system is often the hardest to secure.
Phony emails used in phishing scams can dupe even the most informed users into clicking, as discovered by expert Dr. Zinaida Benenson, a professor at The University of Erlangen-Nuremberg who presented results from a study on phishing at the Black Hat security conference last year. That study showed that although 78% of participants claimed to be aware of the risks of clicking unknown links in emails, 45% of them still clicked an unknown link when tested.
2. Mass Malware Increases
A portmanteau of “malicious software”, the term malware can be applied to any computer programme designed to negatively impact the end-user experience. Credit card data is a key target of cyber criminals. While much of this takes place online, Point of Sales (POS) is becoming a popular area to target in 2017. It is estimated that approximately 60% of purchases at retailers’ POS are paid for using a credit or debit card.
Along with stolen credit card and personal data, malware can be used to seek and destroy files. In 2017, experts are expecting to see more—and more complex—attacks, including those using blastware, which permanently destroys files and even entire systems, and fileless malware and ghostware, which can make it impossible to identify the source of the attack. Other forms of malware to look out for in 2017 are ransomware which blocks access to data until a ransom is paid and displays a message requesting payment to unlock it, and spyware, which enables a user to obtain covert information about another’s computer activities by transmitting data covertly from their hard drive.
3. IoT Hacking
No longer a working theory of Silicon Valley start-ups, the Internet of Things is impacting and automating the lives of most smartphone users around the world. With everything from our kitchen refrigerators to building alarm systems to utility grids linked to apps and laptops, the IoT has created a neatly-connected trail of access points for sophisticated cyber criminals to target. Security professionals anticipate an increase in DDoS (Delivered Denial of Service) attacks on IoT devices, where hackers overload a system to force its shutdown.
Connected end-user devices are at greatest risk because they’re easier to overload than massive, highly-protected corporate systems and because causing interrupted service at the end-user level can be a particularly painful place to hit big companies. 70% of Internet of
Things Devices are vulnerable to hacking or compromise, according to a study by HP.
Who is at Risk?
With greater reliance on information technology comes a higher risk of cyber-attack. A common misconception is that cyber criminals primarily target large corporations, but the reality is that anyone handling or storing customer information is a potential victim. 62 percent of cyber breach victims are small to mid-sized businesses. Luckily, there are straightforward steps all businesses can take to increase their cyber resilience—and cyber insurance is available to protect them if a breach does occur.
Protect your business
The growing field of cyber insurance is helping businesses of all sizes to minimise the financial cost of a cyber-attack. With the average cost of a data breach exceeding €3 million globally and the average DDoS attack costing businesses around €400,000, the value of adding a cyber insurance policy to a larger risk management strategy is now evident for modern organisations.
If you manage, process or store personal or financial information for customers, or if your business relies on connected technology or the uninterrupted provision of digital services to customers, you’re probably considering cyber insurance. OBF are here to help. Contact our team on +353 1 660 1033 or email firstname.lastname@example.org today to discuss your options.
Other useful cyber insurance news items: