Technology / #TEISS16: Why small businesses are on cyber criminals’ hit lists

#TEISS16: Why small businesses are on cyber criminals’ hit lists

Small businesses are putting themselves at risk by overestimating the cost and complexity of cyber security, according to an industry expert.

Speaking to Business Reporter ahead of The European Information Security Summit 2016, Patrick Nuttall, head of the London Digital Security Centre, explained that cyber criminals are more interested in SMEs than many business leaders think.

“Basically, small businesses are starting to be seen as soft targets, while many larger businesses are becoming more secure and harder to break into,” he said.

Small firms can be targeted on a large scale, Nuttall explained, with hackers searching the web for vulnerable systems and launching attacks on businesses with poor security.

Often, the target will be data. For example, if a small design business is working on the final version of a large firm’s financial report, it may be easier for criminals to break into the designers’ systems and take the document than it would be to infiltrate the client’s network.

But whether or not it is an SME’s money or data in hackers’ sights, Nuttall said the consequences of a cyber security breach can be extremely costly to small firms.

“From the perspective of the small business security is especially important when you are looking at the kind of losses people are incurring,” he said.

“In the US, a study by the National Cyber Security Alliance found that 60 per cent of small firms go out of business within six months of a data breach.”

One obstacle to cyber security in SMEs is the belief that it is an expensive technology issue, but Nuttall said less-expensive staff awareness and training is just as important.

Social engineering – a threat where criminals trick staff into transferring money or sending them login details – can target employees at any level of an organisation.

“You have your technology problem and your people problem,” Nuttall said.

Luckily, although there are some expensive courses out there, there are also a lot of free cyber security resources online, including on the London Digital Security Centre website.

“You do not necessarily have to go out and buy those things yourself,” Nuttall said. In fact, many providers of other services include cyber security resources in their offerings.

The trouble is that often these materials focus on security at larger firms, but Nuttall told Business Reporter he believes progress is being made to give relevant advice to SMEs.

“It is about coming up with solutions which actually address the needs of SMEs,” he explained. “It is about making it less of a checklist exercise and having conversations and thinking about what the risks will actually be.”

See Patrick Nuttall speak alongside other industry experts at The European Information Security Summit 2016, which takes place in London in February.