Cyber security: do you know the threats your business is facing?

Facebook, the NHS, Yahoo, SolarWinds. We’ve all seen the headlines as major organisations suffer cyberattack after cyberattack. But it isn’t just global corporations that are at risk. According to the UK Government, in the last 12 months alone almost 40% of UK businesses experienced a cyber attack. The consequences are significant, from operational downtime and reputational damage to economic costs and legal ramifications. 

What are the most common cyber security threats?

There is a multitude of ways that your business can be upended by cyber attacks. While the specific vulnerabilities of individual businesses vary, 3 of the most common cyber security threats are: 

  • Data theft — this is usually carried out by cybercriminals looking to sell customer data but can also be due to corporate espionage 
  • Ransomware attacks — these shutdown your access to your IT systems until you pay a ransom, as happened to the NHS with the WannaCry attack
  • Unauthorised access to your IT systems — this includes access to your data, applications, networks and devices

Reducing your vulnerabilities

To reduce your chances of a cyberattack, the first step is to identify where your risks lie. Risks usually fall into 3 categories: 

1) Data risks

According to Open UK, 89% of UK businesses run open-source software. This is a great way to save money and foster software collaboration, and also gives your business the freedom to use and upgrade software as you please. But it comes with one, significant drawback — the nature of open source code makes it more likely that vulnerabilities will be introduced, either inadvertently or intentionally, which cybercriminals can exploit. 

The number of open source vulnerabilities identified continues to rise, with almost 9,700 found in 2020 — and those are just the ones we know about. If any aspect of your business runs on open source software, you need to assess the vulnerabilities present (there almost certainly will be some) so that you can take steps to resolve them.

However, not all data risks come from your software. The people factor comes into play with data too — employees that employ lax data security practices or fall for social engineering attacks (e.g. phishing scams) can unintentionally leave you vulnerable to attack. It is, therefore, important to train your employees in cyber security hygiene. 

In addition, you can take steps to strengthen and/or restrict data access and reinforce security through end-to-end encryption, detailed data audits, regular data backups and zero-trust security strategies. 

2) Hardware risks

Many people assume cyber security is all about the digital threat to data. However, hardware can be just as vulnerable to cyber-attacks. Faulty design, flawed processors and older hardware that can’t be updated with security patches can all leave you vulnerable. These risks increase with third-party vendors which leads to more complex and less accountable manufacturing supply chains.

As for physical attacks, these may come in the form of employees using infected USB drives, criminals intercepting data via external internet drop lines or breaking into server rooms to install rogue devices. 

To reduce your risks, carry out regular hardware audits to check the vulnerabilities of your devices and systems, and once again, carry out employee training so everyone understands and adheres to cyber security best practices. When it comes to physical threats to your servers, installing Cross-Guard security cage enclosures can protect your servers from criminal interference. 

3) Third-party risks

Take a moment to think of how many third parties are involved in your supply chains — vendors, suppliers, brokers, contractors, consultants, outsourcing firms, and the list goes on. How many of them have significant access to your systems and/or customer data? How many of them have too much-privileged access?

A recent survey found more than half of organisations experienced a data breach due to third-party access. While many businesses rightly take steps to monitor the access their employees have to sensitive systems and data, third parties often get forgotten. 

Reduce your risk by implementing a comprehensive third-party cyber security management process. This should involve carrying out cyber security audits of suppliers before you grant them any access to your systems. 

separator-icon

Call us now to see how we can help you

GET A QUOTE

Get a Quote Form

  • This field is for validation purposes and should be left unchanged.