Cybercrime is on the rise, and small businesses are increasingly being targeted. Whilst it can be easy to imagine that only large corporations fall prey to cyber attacks, do not be fooled. A small business is just as likely as a large multi-national enterprise to be the victim of cybercrime, but because these incidents do not receive as much media coverage they can easily go unnoticed. In fact, recent data shows that more than 50% of small businesses have experienced a cyber attack. Whatever size your business is, a cyber attack is like a wildfire that can spread through your system rapidly if you aren’t vigilant enough. The consequences of cybercrime can also severely affect your business’s reputation, finances and productivity, as well as putting you and your customers at risk.
We want to help small businesses to be informed about the risks of cybercrime, and what they can do to minimise the threat to their business. That’s why we’ve teamed up with top IT support company Lucidica to deliver a new series of cybersecurity seminars giving you the lowdown on how to identify, protect and prevent an attack.
The first seminar takes place on January 25th, 2018 and we’ve caught up with Josh Evans – one of Lucidica’s top tech engineers – to tell us more about the murky world of cybercrime and give you a sneak peek of what you can expect from the session.
1. Josh, thanks for partnering with us to guide small businesses through the world of cybercrime. Could you explain more about what actually happens during a cybercrime event?
Basically, there are essentially six key steps to a cyber attack that business owners should know about. It’s vital that small business owners understand how hackers are spying into their systems to help them identify potential breaches. These six steps are:
- Information Gathering: this is where your potential hacker is spying on you and exploring what sort of data you are likely to hold.
- Network Mapping: at this stage, the hacker begins studying your connectivity online to paint a fuller picture of your network and reach; this might include looking into partner organisations or collaborators.
- Vulnerability Identification: hackers are super skilled at finding the unprotected spots in your network and exploiting these.
- Penetration: once a hacker has identified a definite weakness in your system, the initial attack commences.
- Privilege Escalation: once the hacker has penetrated your system, the virus or bug can begin replicating and spreading, compromising more and more of your precious data as it grows.
- Maintaining Access: as soon as the bug is in your system, it’s too late and resolving the issue is likely to be costly in terms of time, money and resources.
The key thing to remember is that prevention is always better than cure, so it’s essential that small businesses understand how to protect themselves from the risks, especially at the earlier stages.
2. So how can a small business actually identify where the weaknesses in their system are?
This does differ depending on the type of business as well as the IT set-up and the way that business processes data and information. In addition, attackers are constantly evolving and advancing to find more sophisticated and discreet ways to breach into IT systems, so even if you have taken steps to protect yourself it’s really important to stay up-to-date. That said, the key areas of any IT system which tend to be the most vulnerable to attack are:
- Configuration issues
- Cross-site scripting
- Information disclosure
In the seminar we explore these areas in more detail, including how they might apply to individual businesses and systems, as well as discuss strategies to mitigate risks and stay safe.
3. What kind of threats are currently on the internet that small businesses should know about?
Again, this is evolving all the time as hackers become more sophisticated and skilled, but the main current threats include:
Ransomware – this is a type of malicious software that steals your data and holds it hostage, usually on the threat of publishing it or perpetually blocking access unless a payment is made. Ransomware has been in existence since 2005 and continues to be a major threat, especially to companies that hold sensitive data.
WannaCry – this well-known attack case study affected 230k computers in over 150 countries. WannaCry works by bypassing the firewall as a trojan, most likely as a phishing or spear phishing attack. It then exploits gaps in the system to spread inside the network like a worm, meaning any unpatched systems can be affected without user action and prompts, which makes it especially difficult to detect.
Social Engineering – Social Engineering modes of attack rely on human interaction and essentially ‘trick’ people into breaking normal security procedures. They use techniques that appeal to vanity, authority and greed and include various subcategories such as baiting, phishing, spear phishing, pretexting and spam.
At the seminar we share hints, tips and strategies to help you stay aware and spot the tell-tale signs of various types of cyberattack, and what to do next if you suspect you have been hacked. We will also look in more detail at how baiting and phishing scams work, as well as how future tech and IT developments (such as Bitcoin) might affect cyber risks to your business.
Being aware of how cybercrime works is the start of keeping yourself and your business protected online. The key to keeping your data and assets safe in the digital world is to stay one step ahead of the game so that you can treat any vulnerabilities in good time to prevent attacks taking place, or act quickly when they do.
You can book your place at our ‘How to stop online hacks’ seminar here for just £15. With the average cost of a cyber attack on a small firm now standing at over £400,000, it could be the best £15 you’ve ever spent!
Come and join us on January 25th, 2018 and let’s fight these online attackers together.