The spookiest time of the year is upon us, which means kids (and big kids) across the country are planning their Halloween exploits once again. And like we all know (or have learnt to our cost!), if you get a knock on the door on 31st October, you'd better have some treats ready for whatever ghouls and monsters are waiting on the other side!
Here at Digital Risks, reminiscing about trick-or-treating got us thinking about cyber security (obviously!) which, like Halloween, requires constant vigilance to keep the cyber monsters away. For every cyber trick, businesses and security experts need a response (a cyber 'treat', if you will), to avoid the pain and disruption that attacks can cause.
Here's our pick of the cyber tricks and treats of 2017:
THE TRICK: Cyber-attacks on the rise**
We know it's scary, but the risk of a cyber-attack has increased for companies of all sizes and across all industries in 2017. Research by the Ponemon Institute for Keeper Security found that more than 61% of SMEs have been breached in the last 12 months, compared to 55% the year before. The quantity of stolen data in an average breach has also nearly doubled to 9,350 records, up from 5,079.
THE TREAT: Cloud security is increasingly effective
On the plus side, cloud services - often blamed for cyber vulnerabilities - are becoming more sophisticated all the time, to deal with the cyber nasties out there. Cloud based security solutions are quick to set up and flexible, which is ideal for growing businesses – and they can even be more secure than installing security on your servers. Research by Intel found that trust in public cloud services is increasing year on year, with those who trust it outnumbering those who don't by 2:1.
TRICK: Your biggest weakness is your people
Even with the best technology on your side, reports consistently show that your biggest weakness is your employees. The 2017 State of SMB Cybersecurity Report found that 54% of businesses hit by a data breach said negligent employees were the root cause. Social engineering is big business and one of the most effective ways of getting through your defences. You can read more about this in our recent blog.
TREAT: Password management is improving
Yes, people make plenty of cyber security mistakes, not least when it comes to managing their passwords. BUT, there are signs that awareness is increasing, with a Guardian survey finding that 40% of users now change their passwords at least three times a year, while 56% create complex passwords, with a mixture of uppercase, lowercase letters, numbers and symbols. Nearly half of respondents also say they used two-factor authentication where possible. Find how you can improve your password processes, with our 5 password tips for better SME security.
This year has been ruled by ransomware, with the WannaCry and Petya attacks showing how destructive this kind of malware can be. The rise of ransomware has taken its toll on small businesses in particular, with half (51%) experiencing an attack within the past 12 months and more than half of those (53%) targeted more than once.
TREAT: Antivirus software is now better at blocking ransomware
While employee vigilance and regular back-ups are still the best defence from ransomware, innovative anti-virus tools can now give you some extra protection. Many of these solutions, such as the Kaspersky anti-ransomware tool, use behavioural analysis to detect when ransomware is on a system, intercepting it before it can do any damage. Others, such as AVG's decryption tools, promise to decrypt your files in the event of a ransomware attack.
TRICK: Cybercrime is becoming more organised**
Wide-reaching attacks like WannaCry and Petya are an ominous sign that cyber criminals are becoming more sophisticated and organised. A report by BT and KPMG warns that today's cybercriminals often work for complex operations that act much like businesses, with HR and finance departments. In many cases, these organised groups are selling ready-made attack tools on the dark web to anybody who wants to buy them, meaning they can then be deployed rapidly around the world.
TREAT: Cyber security is becoming more predictive to head off potential threats
Yet, cyber security firms are working hard to counteract the ever-evolving threat, using advanced data analytics and machine learning, to detect attacks more quickly – and even predict them in advance. With foresight of any potential attacks, businesses can lock down their networks before a hit. We're also starting to see more collaboration between different security providers, so that data can be pooled and predictions made even more accurately.
Even with these innovative tools, it is now widely acknowledged that it's more a case of when your business gets hit, rather than if. And we can't pretend the threat is going to go away, particularly as the Internet of Things (IoT) introduces more and more connected devices into the marketplace.
TREAT: Cyber insurance ensures you can respond effectively
The inevitability of attacks is why prevention is only one part of the story, as how you respond is as important, if not more so. A rapid response plan will ensure you can deal with both the physical damage following a breach, as well as legal and PR issues that result, so you can repair your systems and reputation as soon as possible.Thankfully, insurance providers like Digital Risks are constantly updating their cyber policies to cover the latest threats and ensure you have the support you need to respond and recover effectively. For more advice, have a read of our blog on how to respond to an attack.
Unlike trick-or-treaters, cyber criminals don't just show up once per year, so it's vital to stay on top of the physical, technological and human aspects of your security, at all times. To find out more about how insurance can provide a final line of defence, drop us a line at firstname.lastname@example.org or give us a call on 0333 772 0759.
Food for thought
It only takes 2 minutes to get a quote.