The True Threats Facing Your Business

Share This Post

In today’s interconnected digital landscape, the threat of cyber-attacks looms large over businesses of all sizes. While headlines often spotlight breaches at large corporations like BA, Experian, Sony, and Adobe, the reality is that small and medium-sized enterprises (SMEs) are equally vulnerable—even if they don’t make the news!

The potential damage from cyber threats is significant, and understanding these threats is the first step in protecting your business. As a busy business owner, it’s easy to overlook these dangers, but doing so can be costly.

The threats borne from the Internet-connected world to all businesses irrespective of size are: Misconfiguration, Data Loss, Phishing, and Ransomware.

Here’s what you need to know about each of them:

Misconfiguration

Misconfiguration, one of the most common yet underestimated threats, occurs when systems, devices, or applications are not set up correctly. Misconfiguration can be especially dangerous with many businesses adopting cloud technology. For smaller businesses where costs are significant, it is common for business owners to take on the task of configuring a solution without the full knowledge of best practice or security. This can create vulnerabilities that cybercriminals can exploit. A significant aspect of misconfiguration is the failure to apply patches and updates promptly. Unpatched systems are the same as leaving doors unlocked, providing an open invitation to anyone to gain access.

For instance, many cyber-attacks leverage known vulnerabilities in outdated software. Let us be very clear about using the term ‘outdated’. In software, ‘outdated’ means the version being used is not the latest. Updates can be issued anytime, and the frequency can also change. Internet browsers such as Google Chrome can issue multiple updates in a week. When a device or application is not updated, it can be exploited, leading to unauthorized access, data breaches, and more.

Steps to mitigate misconfiguration risks

  • Make sure all your software and systems have the latest security patches and updates. Ideally, as soon as they become available!
  • Frequently review your system settings to spot and fix any weaknesses
  • Limit user permissions to only what they need to do their jobs

Data loss

Data loss can occur through accidental deletion, hardware failure, or cyber-attacks. The impact of data loss is profound, leading to operational disruptions, financial loss, and reputational damage. In today’s data-driven world, losing critical business data can be catastrophic.

Preventive measures against data loss

  • Regularly back up your data to ensure you can quickly restore it if needed
  • Encrypt important data to keep it safe from unauthorized access, whether it’s being sent over the internet or stored on your devices
  • Train your team on how to handle data properly and understand why data protection is crucial

Phishing

Phishing attacks involve tricking individuals into revealing sensitive information such as login credentials or financial details. These attacks often come in the form of deceptive emails or messages that appear legitimate.

Combatting phishing attacks

  • Regularly train your employees to spot and handle phishing attempts
  • Use email filters to catch and block phishing emails
  • Add an extra layer of security with multi-factor authentication (MFA). This means that even if someone gets your password, they still need a code sent to your phone to log in

Ransomware

Ransomware is a type of malware that encrypts a victim’s data, with the attacker demanding a ransom to restore access. The financial and operational impact of ransomware can be devastating. Businesses may face prolonged downtime, loss of sensitive data, and significant ransom payments.

Ransomware defence strategies

  • Regularly back up your data and keep a copy offline in a safe place
  • Use special software (EDR) to watch for and stop ransomware attacks. EDR helps protect your computers from threats
  • Create and update a plan for how to respond quickly if a ransomware attack happens

These preventative actions and tools are no longer a ‘nice to have’ – they are mandatory and there to stop today’s threats. Security is a very dynamic environment and cyber criminals are clever and always finding innovative ways to get round defensive controls.

The challenge that every business faces is: ‘How do I protect against these threats?’, ‘How much is the cost of protection?’, ‘What is the impact on my business?’ and critically… ‘What is the likelihood of my business being targeted?’

Each business will need to answer these questions for themselves as there is no silver bullet.

What I can say is this:
  • 85% of emails are reported as spam* of that, scams and fraud account for about 2.5% of all spam emails
  • Phishing statistics indicate that identity theft is the goal of 73% of fraudulent spam emails
  • More than 99% of attacks require human interaction to succeed
  • 5% of data loss is a result of misconfiguration on cloud storage**

The above statistics show the threat is real and dangerous, and effective safeguards to protect you are a better strategy than thinking ‘It is not going to happen to me!’.

The cost of a cyber security incident for small businesses

The impact of a cyber security breach on any business is huge. The larger the impacted organisation, the larger the final bill. However, smaller organisations can significantly suffer as the cost is proportional, and there is less of a financial buffer to ease the impact.

Research shows that the average cost for a small business experiencing a cyber security breach is approximately £6,000. This can cover various expenses such as immediate response costs, loss of business, and longer-term recovery and security improvements***.

For small businesses, short-term costs typically include hiring external experts for forensic analysis, legal fees, and paying ransoms or fines. These can average around £1,206 per incident​****. Longer term costs might involve replacing compromised hardware and software, training staff, and implementing new security measures. For businesses with more severe breaches leading to significant data loss or operational downtime, costs can escalate to an average of £6,940****.

Below is a simple cost overview of what a breach could look like if it were to happen to your small business. Note that some unknowns will remain until after a breach has occurred as there are too many variables.

The impact of each cyber incident can be measured using the following way:

The Known Costs

  • Lost productivity days – staff number x day cost x outage time
  • Rebuild and recover – experts to help with actual restoration of services

The Unknown Costs

  • Reputational Loss – loss of client base following breach (renewal) and net new clients (differential between expected and actual revenues) for a period following the breach
  • Operating Loss – uplift in Cyber Insurance and new cyber protection technologies and services
  • Cost of data loss – Information Commissioner’s Office (ICO) fines and depending on your business other regulatory bodies such as Financial Conduct Authority (FCA)
Internet-borne threats primarily use the following tactics:
  • Stolen or harvested credentials (your email address and password)
  • Tricking the user to perform a task

These two primary tactics use media channels as the primary platform by that I mean email, texts, social media posts, and voicemails.

Clicking on website links, opening attachments, performing an activity following an email (in terms of updating fields in another system) all rely on the recipient to do something, and the technology employed within the business has vulnerabilities that can be exploited.

So, let’s summarise. How do you protect against an ever-growing problem? There are 3 main areas all businesses should focus on:

Area

Control

Detail

Identity

Ensure yours don’t have more rights than necessary

A user logged on to a laptop should not need ‘Administrator’ rights to do their daily tasks

 

Use Multifactor Authentication (MFA)

This requires a second piece of information to be able to log into a system or application

 

Monitoring your business digital footprint exposure

Proactive searching for when account credentials have been compromised

Endpoint

Invest in Endpoint Detect and Response protection software

Detects and blocks advanced techniques used by many hackers. Recommend Microsoft Defender for Endpoint

 

Invest in a management platform to provide visibility across estate

Detects exploitable vulnerabilities and deploying centralised configurations

Email

Implement antispam and antivirus protection at the email gateway

Cloud email solutions such as Microsoft M365 include customisable anti-phishing and virus controls to help protect your business

 

Implement DMARC, DKIM and SPF controls

These are specific email infrastructure controls that stop the many loopholes in most email systems

 

Monitoring your business digital footprint exposure

Proactive searching for when account credentials have been compromised

The threats are very real and pose significant risks to businesses. Whilst the action list looks easy, it requires people, processes, and technology. Partnering with a cybersecurity provider like 2tela will ensure the gaps are filled, supporting your existing teams and capabilities.

For more information on how we can help you protect against cyber-attacks, please contact us for a discussion here

Request a call back from team 2tela

Fill in your details and we'll be in touch

More To Explore

Threats & Exploits

Cyber operations during conflict and war

Middle East tensions significantly increased following the UK designated terrorist group Hamas attacked Israel on 7th October. Cyber operations are increasing and is a growing threat to UK businesses.

Do You Want To Boost Your Business?

drop us a line and keep in touch

Please Login

First timer?

Learn how we help give businesses peace of mind and security

Fill in the form and we'll be in touch.