A study by Aviva highlighted that two in five businesses don’t believe they are at risk from cybercrime and more than a third wouldn’t know how to handle an attack.
The news does not get any better, as Office of National Statistics reports show there were over 2.5 million cybercrime incidents between May and August 2015.
Take the example of HSBC, which was the victim of several online ‘denial of service’ attacks, causing millions of customers to lose access to online banking. The disruption caused by this attack resulted in major headlines and damaged the bank’s reputation.
Or the cyber attack on TalkTalk in 2015, which cost the business between £30 million and £35 million, and resulted in unlawful access to the personal data of over 150,000 people.
There is no denying that cybercrime is on the increase. This, and the fact that cyber criminals are using ever more sophisticated ways of extracting data from business systems, puts the responsibility firmly on businesses to make sure their data is protected from attacks by putting the right security measures and training in place.
Here are the most common cybercrime threats facing businesses in the UK, plus advice on how you can help prevent your business becoming a victim:
Malware
What is it? Malware is an all-encompassing term for a variety of cyber threats including Trojans, viruses and worms. Malware is simply defined as code with malicious intent that typically steals data or destroys something on the computer.
How does it work? Malware is most often introduced to a system through email attachments, software downloads or operating system vulnerabilities.
How can I prevent it? The best way to prevent malware is to avoid clicking on links or downloading attachments from unknown senders. This is sometimes enforced by deploying robust, up-to-date firewalls which prevent downloads from unknown sources. Installing an up-to-date anti-virus package which includes anti-malware protection will help stop malware from infecting network devices.
Denial-of-Service (DoS) Attack
What is it? A DoS attack focuses on disrupting service delivery, and the computer network in particular. Attackers send high volumes of data or traffic through the network (i.e. making lots of connection requests), until the network becomes overloaded and can no longer function.
How does it work? There are several different methods, but the most common is the distributed-denial-of-service (DDoS) attack. This involves the attacker using multiple computers to send the traffic or data that will overload the system. In many instances, a person may not even realize that his or her computer has been hijacked and is contributing to the DDoS attack. Disrupting service can have serious consequences relating to security and online access, such as the HSBC example mentioned earlier.
How can I prevent it? DDoS attacks are hard to prevent: they are now so large that most proxy servers and ISPs struggle to stop them. The best prevention method is to contact your IT service provider and discuss an action plan for this type of attack. A good IT provider will be able to set up barriers against an attack.
Phishing
What is it? Often posing as a request for data from a trusted third party, phishing attacks are sent via email and ask users to click on a link and enter their personal data. Phishing emails have become much more sophisticated in recent years, making it difficult for some people to discern a legitimate request for information from a false one.
How does it work? Phishing emails include a link that directs the user to a dummy site that will steal a user's information. In some cases, all a user has to do is click on the link.
How can I prevent it? Verify over the phone any requests from institutions that arrive via email. If the email itself has a phone number, don’t call that number, but rather one you find independently online or within documentation you’ve received from that company. Most companies are adamant that they will not ask for personal information via email. At the same time, most companies strongly recommend that users not make sensitive information available.
These are just some of the most common cyber attacks businesses face. You can reduce the risk by implementing an effective IT security plan with your IT service provider.
Working with the right IT provider can help reduce and eliminate cyberattacks and protect your customer data, helping to ensure that your business does not suffer from the lost revenue and reputational damage caused by cybercrime.